The U.S. Infrastructure Is Targeted: The Value Of A Cybersecurity Strategy For All Organizations

February 8, 2024

Hacking groups affiliated with the Chinese People's Liberation Army reportedly attacked dozens of U.S. critical infrastructure organizations, including utilities, oil and gas pipelines, communications, and transportation.

Experts believe the attack is part of China's Volt Typhoon cyber campaign. The campaign has been targeting logistical entities in "manufacturing, education, communications, information technology, utilities, construction, and more" since 2021.

Some of the key resources targeted in the campaign include "a port on the West Coast, water utilities systems in Hawaii, a critical oil and gas pipeline, and a Texas power grid operator."

Experts believe the attack in Hawaii suggests an attempt to disrupt operations of the Pacific fleet.

So far, the cyberattacks have not caused any disruptions in services. However, hackers associated with the campaign have "stolen employee credentials with back door entries." They use "arbitrary home and workplace routers to hide their tracks."

The U.S. government is reportedly working with tech companies and the private sector on mitigation strategies, including "more stringent monitoring, improvements to authentication methods, and large-scale password resets." Anuj Mudaliar "China-Affiliated Hackers Hit Critic U.S. Infrastructure" www.spiceworks.com (Dec. 12, 2023).

 

Commentary

 

Here are steps to consider when making a cybersecurity strategy, according to the Federal Communications Commission www.fcc.gov:

 

1.   "Train employees in security principles;

2.   Protect information, computers, and networks from cyber attacks;

3.   Provide firewall security for your Internet connection;

4.   Create a mobile device action plan;

5.   Make backup copies of important business data and information;

6.   Control physical access to your computers and create user accounts for each employee;

7.   Secure your Wi-Fi networks;

8.   Employ best practices on payment cards;

9.   Limit employee access to data and information, limit authority to install software; and

10. Passwords and authentication."

Couple your strategy with employee training on cybersecurity procedures. The vast majority of breaches begin with human error.

Finally, your opinion is important to us. Please complete the opinion survey: