https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources & Events
    • Back
    • Resources
    • Webinars
    • White Papers
    • IWCE 2022
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
  • Resources/Events
    • Back
    • Webinars
    • White Papers/eBooks
    • IWCE 2022
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
  • Magazine
acc.com

News


Pixabay

News

Federal hearing highlights Russian cyberthreat, vulnerabilities to U.S. critical infrastructure

Federal hearing highlights Russian cyberthreat, vulnerabilities to U.S. critical infrastructure

  • Written by Andy Castillo
  • 5th April 2022

Even before Russia’s unprovoked invasion of neighboring Ukraine, addressing an emerging cyberthreat and bolstering the digital defenses of America’s critical infrastructure was a top priority, brought into the national spotlight in recent years following notable incidents like the Colonial Pipeline ransomware attack. 

With all that’s taken place internationally over the last month or so, that focus has heightened. 

“Over the past decade, Russia has demonstrated its capability and willingness to deploy cyber (attacks),” said Rep. Ritchie Torres (NY-15), chair of the House Committee on Homeland Security, at a hearing Tuesday with private industry cybersecurity experts titled “Mobilizing our cyber defenses: Securing critical infrastructure against Russian cyber threats.” 

Throughout the hearing, lawmakers questioned experts about the vulnerabilities of critical infrastructure and the cyberthreat posed by Russia given the international situation. 

To meet the globalized digital threat faced by administrators overseeing critical infrastructure—whether publicly owned, privately operated or investor managed—the Biden Administration, according to Torres, has engaged in “unprecedented intelligence sharing,” alerting agencies to threats as they arise. This endeavor has been led by the Cybersecurity and Infrastructure Security Agency and its Shields Up initiative, which was launched ahead of Russia’s invasion.  

Steve Silberstein, CEO of the Financial Services Information Sharing and Analysis Center, applauded the measure as effective, calling it a “paradigm shift from reactive to proactive sharing.” 

To that end, the federal agency regularly posts cybersecurity threat assessments through its known exploited vulnerability catalog and information to help IT better professionals secure their servers.  

“There has never been a more important for our businesses, our state and local governments … to be prepared,” said Rep. John Katko (NY-24), ranking member on the House Committee on Homeland Security. Quoting a previous address from President Joe Biden, he added: “There is, ‘evolving intelligence that the Russian government is exploring options of cyberattacks.’” 

To this point, with the rise of cybercriminals-for-hire and ransomware attacks, “The motives have either been financial gain or intelligence gathering—not pure destruction. But what if the goal was pure destruction?” he asked, citing a cyberattack last year on a water treatment plant in Oldsmar, Fla. An unknown hacking group was able to gain access to the plant’s system and poison the water supply by raising the sodium hydroxide levels—known as lye—tenfold. 

An operator noticed the rising chemical levels and quickly reverse the action. 

“Across the country, cybersecurity professionals are on a high alert, monitoring—preparing for attacks against critical U.S. infrastructure,” said Adam Meyers, senior vice president for intelligence at Crowdstrike. “As Russia began to amass forces on the Ukrainian border, cyberattacks increased in turn,” he continued, noting defacements of Ukrainian websites and wiper attacks. Internationally, the war has perhaps “reshaped the technological landscape.” 

Across critical infrastructure sectors, different areas are better prepared for the global cyberthreat than others. The financial sector, for example, is well equipped, given its interface with private organizations. Industrial sectors, on the other hand, “are much more deliberate; their infrastructure moves much more slowly,” said Amit Yoran, CEO of Tenable Inc., a Maryland-based cybersecurity company. And while the sector as a whole has been moving toward digital security recently, “The pace of risk these sectors are facing has really increased in recent years, so I think” they are at huge risk. 

He noted this deliberate pacing is intentional “to prevent large outages. … It’s important, when we talk about these efforts, to remember there are such distinct differences between critical infrastructure,” and different approaches make sense for different sectors. 

But cybersecurity measures can only be effectively implemented in response to a cyberthreat by someone who understands it in a technical sense. And in this lies the problem, said Yoran. U.S. critical infrastructure is operated through a patchwork of systems, highly connected, “with each operating with various degrees of cybersecurity,” he noted. 

Until the Biden Administration’s executive order last year, setting down standardized cybersecurity guidelines and best practices, there was not a collective set of rules that could be rallied around. Instead, organizations implemented different measures as they understood them. 

Thus, those organizations that have invested in digital defenses over the past decade are prepared to meet the threat. But those operating with sometimes two-decade-old technology and, in some cases, without a cybersecurity manager, the intelligence-focused approach that’s been taken as a response to the Russian invasion isn’t as helpful. 

“Advisories and alerts are highly technical and may be hard to implement by facilities that don’t have a dedicated cybersecurity (division),” said Kevin M. Morley, Ph. D, manager of federal relations for the American Water Works Association. Because of that, Morley told Homeland Security Committee members it would be best to simplify notifications. 

“Most organizations just want two things: What is the vulnerability? What do they have to do to (remedy) it?” he said. 

Tags: homepage-featured-1 homepage-featured-2 homepage-featured-4 News Smart Cities & Technology News Smart Cities & Technology News

Most Recent


  • Smart911 emergency profiles provide first responders with more information, faster
    Since the first full time fire department was established in Cincinnati in 1853, emergency responders have raced into unknown scenarios with limited advance information when the firehouse bell rings—until now. Among the many advancements of next-generation 911 dispatch systems, Smart911, an app developed by Rave Mobile Safety, automatically displays resident profiles during an emergency—including details […]
  • MSPs
    The MSP downstream cyberthreat paradox: Understanding the city and county connection
    Recently the Cybersecurity and Infrastructure Security Agency (CISA) along with the FBI, NSA, and international cyber authorities issued a cybersecurity advisory aimed at protecting managed service providers (MSPs) and their customers. This high-level advisory has been gestating for some time ever since the SolarWinds and Kaseya supply chain cyber-attacks. A software supply chain attack occurs […]
  • Philanthropic group to launch assistance portal for local admins navigating federal bureaucracy
    A joint venture announced Tuesday by a group of philanthropic organizations—in collaboration with the U.S. Conference of Mayors, the National League of Cities (NLC) and Results for America—seeks to help small and mid-sized communities secure their piece of the $550 billion in funding available for local governments navigating federal bureaucracy. The digital portal will launch […]
  • Report: Nearly 95 percent of America's mayors face harassment, threats and violence
    In today’s divided socioeconomic landscape—one that’s rife with political angst—harassment of mayors has become commonplace, especially against minority leaders. Women mayors and mayors of color face more frequent and acute incidents of harassment and violence, according to new research from the advocacy organizations Equity Agenda and the Mayors Innovation Project. Nearly half of all women mayors […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • security
    IWCE 2022: Public safety digital security and the threat of cyberattacks
  • cybersecurity
    New year, new technology: How local governments can proactively combat cybersecurity challenges
  • Infrastructure report highlights challenges anticipated by local leaders in coming years
  • Russian invasion of Ukraine highlights need for cybersecurity at local level

White papers


The PIO’s Ultimate Guide to Social Media

16th May 2022

Gain Greater Visibility Into Your Public Works Fleet

16th May 2022

Arizona Arts Center Meets Rapid Deadline with Hundreds of Thousands in Savings

26th April 2022
view all

Events


PODCAST


Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020

Young Leaders Episode 2 – Christian Williams – Development Services Planner, Goodyear, Ariz.

1st July 2020
view all

Twitter


AmerCityCounty

Amid shifting workplace expectations, local government employers must adapt dlvr.it/SQm2RT

20th May 2022
AmerCityCounty

Smart911 emergency profiles provide first responders with more information, faster dlvr.it/SQh9gl

19th May 2022
AmerCityCounty

Minor league baseball is helping cities hit a revitalization home run dlvr.it/SQc5N4

18th May 2022
AmerCityCounty

Sustainable Purchasing Leadership Council can help governments get up to speed on sustainable buys dlvr.it/SQbwqL

18th May 2022
AmerCityCounty

The MSP downstream cyberthreat paradox: Understanding the city and county connection dlvr.it/SQYVjs

17th May 2022
AmerCityCounty

Philanthropic group to launch assistance portal for local admins navigating federal bureaucracy dlvr.it/SQY16G

17th May 2022
AmerCityCounty

Report: Nearly 95 percent of America’s mayors face harassment, threats and violence dlvr.it/SQTn2z

16th May 2022
AmerCityCounty

The PIO’s Ultimate Guide to Social Media dlvr.it/SQTdCK

16th May 2022

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X