Concern about cyber threat to U.S. critical infrastructure heightened

Bloomberg

While Iran has long posed a formidable cyber threat to the United States, the ongoing war has heightened concern about the risk to U.S. critical infrastructure from Iran-backed hackers.


"My concern is heightened for sure," Linn Freedman, a partner at Robinson & Cole LLP, who is chair of the firm's data privacy and cybersecurity practice and of the artificial intelligence team, said in an interview last week.  

"All critical infrastructure should be on heightened awareness, and that's clearly the message that we're getting from the federal government," Freedman said. "And so I would not ignore that." 

In a blog post published on her firm's website last week, Freedman pointed to a Joint Cybersecurity Advisory issued April 7 that warned of Iranian-affiliated cyber actors targeting U.S. critical infrastructure. The joint advisory was co-authored by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Environmental Protection Agency, the Department of Energy, and the United States Cyber Command – Cyber National Mission Force.  

Those "authoring agencies" were "urgently warning U.S. organizations of ongoing cyber exploitation of internet-connected operational technology (OT) devices, including Rockwell Automation/Allen-Bradley-manufactured programmable logic controllers (PLCs), across multiple U.S. critical infrastructure sectors," the advisory said. 

"These threats are serious and we encourage all organizations, to include state and local governments, to position themselves to protect themselves against bad-actors including Iran-affiliated advanced persistent threat actors," the FBI said in a statement provided to The Bond Buyer.

An April 7 press release from the EPA said the joint advisory warning was issued to U.S. organizations including those in the water sector. 

"U.S. organizations are experiencing exploitation and, in some cases, disruption of commonly used operational technology at drinking water and wastewater systems that are diligently working to ensure that Americans can rely on clean and safe water," the EPA's release said.

The release also included comments from EPA Assistant Administrator for Water Jess Kramer. 

"Water systems are encouraged to stay informed and work to adopt cybersecurity best practices," Kramer said.

The City of Minot, North Dakota, recently won praise from the FBI for the city's quick action in the wake of a cyberattack involving the city's Water Treatment Plant.

"On March 14, staff from multiple City of Minot departments reacted to a ransomware event on a computer server at our Water Treatment Plant," according to a March 31 statement the city issued concerning the event. "The affected server was unplugged and our staff conducted manual procedures for about 16 hours, which involved more frequent, on-location gauge checks." 

The water treatment plant and all city facilities related to its water system remained operational, the statement said. 

"Our water supply was safe at all times," the statement said. "Regarding the ransomware, there was no direct ask for money and there was no direct interaction beyond a letter on a screen." 

Asked if the City of Minot had any idea who was behind the attack, Jennifer Kleen, the city's communication and engagement manager, replied "We do not know." The city appreciated "the support from our local FBI office," Kleen said.

"We applaud the city for acting quickly and allowing the FBI to work with the city's IT professionals and our law enforcement partners on this investigation," the FBI said in a statement regarding the incident. "Unfortunately, the most critical threats to infrastructure come from our networks."

Robinson & Cole's Freedman in blog posts last week highlighted the ransomware attack on the water treatment plant in Minot as well as a cyberattack suffered by Winona County, Minnesota.

Last week, Winona County detected and responded to a ransomware attack on its computer network, according to a press release the county issued.

"To ensure we could access all necessary resources to respond effectively, a Local State of Emergency was declared," the release, posted April 9, said. "As part of that response, the County requested and received assistance from the Minnesota National Guard, including a specialized cybersecurity and recovery team to support investigation, containment, and system restoration efforts." 

An executive order signed by Minnesota Gov. Tim Walz April 7 authorizing the Minnesota National Guard to support Winona County following the attack indicated that the "costs of this assistance shall be paid from the general fund." 

Generally speaking, state and local governments "have always been more vulnerable to cyberattacks because they are limited in their funds because they're taxpayer funds," Freedman said in the interview. 

Given that such governments always tend to be struggling to have enough money for things like schools and roads, they don't necessarily have the extra funds to "have a sophisticated plan around a cyberattack," she said.

"So it's not their fault," Freedman said. "They shouldn't have to have a sophisticated cybersecurity program to thwart Iranian-backed hackers, like that is a little crazy when you think about it." 

Still, state and local governments as well as other organizations can't afford to ignore the threat in the current environment, she said. 

"You have to have a budget," Freedman said. "You have to have the ability to put a basic program in place so that all your windows and doors aren't open." 

