Tag: IACIPP

IACIPP Concerned at Increasing Ransomware Attacks Against Critical Infrastructure

Association News, Cyber Security CII sector, Power/Energy/Oil & Gas sector
The International Association of CIP Professionals (IACIPP) is concerned about the increasing threat and ransomware attacks against critical infrastructure and in particular the energy sector.
As has been demonstrated by the recent ransomware attack on Colonial Pipeline in North America, and the impact this has had across other infrastructure services, and the wider economic impact on, for example, the price of petrol and oil, such attacks should be a concern to us all.
"The attack on the Colonial Pipeline Industrial Control System was not a total surprise. For years, our pipeline infrastructure and other critical infrastructures have experienced an ever-increasing level of probes and attacks.  The ICS owners and operators must be vigilant and assure their systems are continuously monitored and armed with the latest cyber protection tools." Commented Dr. Ron Martin, CPP,  Professor of Practice: Critical Infrastructure, Industrial Control System Security, and Access and Identity Management at Capitol Technology University.
Although the FBI and other federal and private cybersecurity entities are working to mitigate the effects of the attack on Colonial Pipeline, there needs to be the wider discussion and collaboration across industry sectors to prepare for future attacks to mitigate future economic impact such attacks cause.
“Our critical infrastructure sectors are the modern day battlefield and cyber space is the great equalizer. Hacker groups can essentially attack with little individual attribution and virtually no consequence. With over 85% of all infrastructure owned and operated by the private sector, significant investment and attention must be placed on hardening key critical systems. I anticipate more attacks like this happening in the future. A key lesson here is that while technology and automation is good, we must also have the ability to efficiently operate manually as well. Attacks will happen, but how quick can you recover and restore critical services?” commented Brian Harrell, Strategic Adviser to IACIPP and Former Assistant Secretary for Infrastructure Protection.
CISA and the Federal Bureau of Investigation (FBI) have recently released a Joint Cybersecurity Advisory (CSA) on a ransomware-as-a-service (RaaS) variant—referred to as DarkSide—recently used in a ransomware attack against Colonial Pipeline.
Chuck Brooks, President of Brooks Consulting International and cyber expert, commented, “Protecting critical infrastructure needs to be a shared responsibility of both the public and private sectors. The energy sector become a preferred target of sophisticated hackers often in collusion with nation state actors. The cost of breach as evidenced in the Colonial pipeline ransomware attack can be disruptive to commerce and impact many industry verticals. “
“Critical infrastructure needs to be fortified from cyberattacks and physical attacks in a joint government/industry collaboration. Resources need to be invested in emerging automation technologies and training. IT and OT systems need to be monitored at the sensor level for anomalies. Sensitive operations need to be segmented and air gapped. Back up of data is an imperative and resiliency a requirement for all critical infrastructure operations. It may take new laws and regulations, but it needs to be done.” Concluded Mr Brooks.
The cyberattack against Colonial Pipeline that was discovered on May 7 underscores the growing impact of cyberthreats on industrial sectors. While the investigation is ongoing and important lessons from this attack will be extracted in the next few weeks, the fact that Colonial Pipeline had to pro-actively take their OT systems offline after starting to learn about which IT systems were impacted by the ransomware is significant.
John Donlon QPM the Chairman of IACIPP stated - ‘This type of attack comes as no real surprise. It is consistent with recent trends and what is really quite concerning is the fact that the scale and impact of such events continue to escalate. We have seen recent Government activity across the Western world seeking to put in place support to Infrastructure Owners and Operators but the speed of new attack methodologies, either through nation-state actors or criminal groups, means it is not always easy to keep ahead of the curve. Unfortunately, I believe we will continue to see even greater escalation in the power of attacks being executed and therefore the breadth and depth of collaboration between governments and the private sector has to develop at pace’.
This will also be subject to a case study panel discussion at Critical Infrastructure Protection and Resilience North America (www.ciprna-expo.com) in New Orleans LA on 19th - 21st of October 2021.
Leave a comment , , , ,

IACIPP and Capitol Sign Agreement to Advance Worldwide Critical Infrastructure Awareness and Knowledge

Association News, Cyber Security CII sector, Telecomms sector, Transport sector, University/Research/Academia sector, Water sector
Capitol Technology University and the International Association of Critical Infrastructure Protection Professionals (IACIPP) signed a Memorandum of Understanding (MOU) to develop a partnership that will extend efforts to improve the training and education of Critical Infrastructure Students and professionals. Both parties recognize a high demand for worldwide cooperation to increase the effectiveness of research, education, and activities in the critical infrastructure field of study. This MOU will facilitate the development of joint seminars, conferences, and training courses.
“As an Association we aim to deliver discussion and innovation— on many of the serious infrastructure, protection, management, and security challenges—facing both industry and governments. The ever changing and evolving nature of threats, whether natural through climate change or man-made through terrorism activities, either physical or cyber, means there is a continual need to review and update policies, practices, training, and technologies to meet these growing and changing demands,” said John Donlon QPM, Chairman IACIPP. “This partnership with Capitol Technology University enables both parties to develop and enhance objectives through education and training.”
A nation’s critical infrastructure provides the essential services that underpin a society. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure— including assets, networks, and systems—that are vital to public confidence and a nation’s safety, prosperity, and well-being.
Critical infrastructure must be secure and able to withstand and rapidly recover from all hazards. Achieving this will require integration with the national preparedness system across prevention, protection, mitigation, response, and recovery.
The International Association of Critical Infrastructure Protection Professionals (IACIPP) is an international association of practitioners and professionals involved in the security, resilience and safety of critical infrastructure, both physical and information infrastructure.
The IACIPP is open to critical infrastructure operators and government agencies, including site managers, security officers, government agency officials, policy makers, research & academia. The Association also aims to share ideas, information, experiences, technology and best practices to enhance these objectives.
Capitol Technology University, located in Laurel, Maryland, is an independent institution that has focused on STEM education since 1927. Capitol Tech, the national winner of the 2020 SC Media Award for Best Cybersecurity Higher Education Program, offers hands-on courses taught by industry experts that lead to undergraduate and graduate degrees in emerging fields such as Mechatronics Engineering and Artificial Intelligence.
Leave a comment , , ,

Latest issue of World Security Report has arrived

Association News, Cyber Security CII sector, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector
The Winter 2020-21 issue of World Security Report for the latest industry views and news, is now available to download.
In the Winter 20-21 issue of World Security Report:
- Priority of Protecting Digital Critical Infrastructure Will Grow in 2021, by Chuck Brooks
- A view of Facility Industrial Control System Security, by Ron Martin
- The Need for Higher Level Strategic Approaches to Cyber Security, by Bonnie Butler
- Critical Infrastructure Protection Starts at the Perimeter
- Effective Security Options for Healthcare Facilities
- African Terror Groups ‘Rebrand’ as Islamic State
- IACIPP Association News
- Industry news
Download your copy today at www.cip-association.org/WSR
Leave a comment , , , , ,