In this age of global polycrisis, safeguarding critical infrastructure has become a top priority for governments, businesses, and security professionals. This post provides a brief Q3 2024 survey of the risks and vulnerabilities faced by essential systems, from energy grids to communication networks and transportation to the water, food, and agriculture sectors. This risk assessment identifies potential threats and evaluates weaknesses.
“Food and agriculture has avoided the cybersecurity spotlight so far because hackers are focused on more valuable targets elsewhere. But that won’t last forever.”
The nightmare scenarios are numerous: Desiccated farms menaced by out-of-control tractors. Meatpacking plants silently overrun by diseased animals. Trucks clogging highways for hours, their cargo areas full of rotting food. The U.S. Department of Agriculture is supposed to prevent these disasters by helping the food and agriculture sector protect its infrastructure from physical threats and cyberattacks. But in an era of growing digital dangers, USDA is woefully unprepared to play that role, according to policymakers, independent experts and even the department’s own warnings to Congress.
USDA has assigned this critical mission to a small, underfunded office that also handles a range of other tasks. Department leaders rarely discuss the acute cyber threats facing the food and agriculture sector — which accounted for more than 5% of the U.S. economy and roughly 10% of U.S. jobs last year — and it’s unclear if the department has meaningfully reduced those threats. While other agencies tasked with protecting vital infrastructure have aggressively confronted cyber challenges, USDA has shown little of the same urgency, even as its industry partners grow increasingly worried about their digital vulnerabilities.
“Nation-state attackers are exploiting vulnerabilities in products from Check Point Software, Palo Alto Networks and others to attack multiple industries.”
Critical infrastructure providers and other organizations in the U.S. are facing a heightened risk of malicious cyberattacks from Iran-linked actors, according to threat researchers and U.S. officials. The FBI and Cybersecurity and Infrastructure Security Agency last week issued a joint warning with the Department of Defense Cyber Crime Center about Iran collaborating with criminal ransomware groups to attack key industries in the U.S. and other foreign countries. The group, known as Pioneer Kitten, has been collaborating with high-profile ransomware actors, including AlphV, Ransomhouse and NoEscape, in exchange for a cut of the ransom payments, officials said. The Iran-linked actors were seen scanning IP addresses as recently as July for Check Point Security Gateways that were potentially vulnerable to CVE-2024-24919. The Check Point vulnerability, first disclosed in late May, allowed attackers to read information on internet-connected gateways with remote access VPN or mobile access enabled.
“The report comes amid a rise in malicious cyberthreats from state-linked and criminal hackers targeting U.S. drinking water and water treatment facilities.”
On August 28th, as reported by The Record: “Millions of Ukrainians have experienced internet disruptions over the last two days following Russian missile and drone strikes targeting critical infrastructure throughout the country. According to data from the internet monitoring service NetBlocks, national internet connectivity in Ukraine remains at 71% of ordinary levels as of Tuesday. Why it matters:
On August 27th, as reported at Security Week: “The Port of Seattle, including the SEA Airport, [experienced] system outages likely caused by a cyberattack. For the past three days, the Port of Seattle, including the Seattle-Tacoma International Airport (SEA Airport), has been struggling with system outages potentially caused by a cyberattack. Impacting internet and internal systems, the outages began on August 24, affecting various services, the Port announced on X (formerly Twitter). “Earlier this morning the Port of Seattle experienced certain system outages indicating a possible cyberattack. The Port isolated critical systems and is in the process of working to restore full service and does not have an estimated time for return,” the Port said on Saturday. In addition to the SEA Airport, the outages impact maritime facilities, and travelers are encouraged to contact them by phone, the Port noted on a dedicated updates page. The airport did not provide details on the type of cyberattack it fell victim to and SecurityWeek has not seen any known ransomware groups claiming responsibility for it.
Intelligence and security reports indicate a marked increase in sabotage and “gray-zone” or “hybrid” attacks across Europe and potentially targeting the United States. These activities, primarily attributed to Russia and China, represent an evolution in geopolitical conflict that falls below the threshold of traditional warfare, but poses risks to national security and economic stability. In a disturbing series of incidents surrounding the 2024 Paris Olympics, France has experienced multiple acts of sabotage targeting critical infrastructure, raising serious concerns about security and the potential involvement of extremist groups. These incidents occur against a backdrop of increasing geopolitical tensions and a rise in nation-state sabotage activities across Europe. Intelligence agencies from multiple European countries have warned their governments that Russia, in particular, is plotting violent acts of sabotage across the continent as part of a strategy of permanent conflict with the West.
Recent examples of suspected Russian-linked sabotage include:
Private companies – especially those in critical sectors such as energy, telecoms, transportation, health care, water, ports, and finance – face heightened risk of becoming targets. Nation-state actors often view private sector entities as extensions of national interests, making them legitimate targets in geopolitical conflicts. The diverse and evolving nature of sabotage tactics creates a multifaceted threat environment that is challenging to predict and mitigate. Beyond direct damages, sabotage attempts can have broader economic implications, disrupting supply chains, market dynamics, and customer relationships. Intelligence capabilities are becoming vital for corporations. Organizations need to develop threat monitoring and analysis capacities, while collaborating with government agencies where appropriate. Regular scenario and crisis simulations are key to ensuring an effective response.
China’s hackers are preparing to “wreak havoc” and “cause real-world harm” to Americans, FBI Director Christopher Wray [warned] in congressional testimony [in January 2024]. “There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure — our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems. And the risk that poses to every American requires our attention — now,” Wray says in selected testimony released by the FBI ahead of the hearing. He says they are “attacking our economic security, engaging in wholesale theft of our innovation, and our personal and corporate data.” Wray has been consistently sounding the alarm on how much of a threat China is to the United States…”
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly warned that the Chinese government would consider destructive or disruptive attacks on American pipelines, railroads and other critical infrastructure if it believed the U.S. would get involved during a potential invasion of Taiwan. Here’s what you need to know:
More than half of all cyberattacks on government agencies, critical infrastructure organizations and state-level government bodies involved the use of valid accounts, according to a new report from the Cybersecurity and Infrastructure Security Agency (CISA).
https://oodaloop.com/archive/2024/08/30/shields-ready-critical-infrastructure-security-and-resilience-2/
For our News Briefs and Original Analysis research efforts to date on this topic, go to:
Information Warfare, Social Engineering, and Ransomware: A Global Situational Awareness and Threat Vector Survey: As we slide into the end of summer weekend in the U.S., we take a “bird’s eye” view of the high-threat level created by the 2024 U.S. Presidential Election. In this post: a situational awareness and threat vector survey of information warfare, social engineering, and ransomware incidents and activities worldwide as of Friday, August 30, 2024 – including a very recent joint Cybersecurity advisory from the Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Department of Health and Human Services (HHS) and context on the recent arrest of the Telegram CEO.
“…Leaving our Nation Vulnerable to Cyber Invasion”: Volt Typhoon’s Recent Zero Day Attack on U.S. Internet Providers: Thank you to the OODA Loop News Brief team for surfacing our initial report of the Volt Typhoon Zero Day attack (Chinese APT Volt Typhoon Caught Exploiting Versa Networks SD-WAN Zero-Day). This attack occurs fast on the heels of a renewed, very specific warning that was just issued at Black Hat USA a couple of weeks ago (characterizing the recent CrowdStrike incident as a ‘dress rehearsal’ of what the impacts of a major attack on U.S. Critical Infrastructure would look like – and then some). In this post: more details of the recent zero day attack – and the What Next? from the perspective of the firm, strident, strategic messaging by CISA and national security experts over the course of the last two years. If this threat vector has been on your organization’s strategic back burner to date – time to shift to the Decide and Act of your internal OODA Loop ASAP.
CISA Director Easterly on “Democracy’s Biggest Year: The Fight for Secure Elections Around the World”: CISA Director Jen Easterly participated in a keynote session at Black Hat USA 2024, along with international election experts Hans de Vries, COO, European Union Agency for Cybersecurity (ENISA), and Felicity Oswald, CEO, National Cyber Security Centre (NCSC) to “unpack how international leaders are approaching election security risks to the democratic processes.” Along with coverage of this keynote panel, we have compiled Director Easterly’s recent communications on the 2024 security threats and security and integrity strategies taken up by CISA and the USG in the run-up to the November 2024 Election in the U.S.
The Crowdstrike Incident – OODA Loop Update #4: In the spirit of the significance of tracking the global impact of disruptive events and encouraging the sharing of relevant stories for compilation, the following is our latest tracking of the Crowdstrike Incident since our last update on 7/22 – The Crowdstrike/Microsoft Global IT Outage Debacle: Ongoing Impacts and Recent Updates and the July 2024 OODA Network Monthly Meeting: A Real-time Discussion of the Crowdstrike Global IT Outage.
Are Chinese-Made Ship-to-Shore Cranes at U.S. Ports a Critical Infrastructure Vulnerability?: The 2023 National Defense Authorization Act (NDAA) (made into law in December 2022) included some specific military-related cybersecurity provisions, including a required study of cybersecurity and national security threats posed by foreign-manufactured cranes at United States ports “to assess whether foreign manufactured cranes at United States ports pose cybersecurity or national security threats.” The study was completed late last year – and the response to the findings has sparked global controversy and debate. Details here.
Corporate Board Accountability for Cyber Risks: With a combination of market forces, regulatory changes, and strategic shifts, corporate boards and directors are now accountable for cyber risks in their firms. See: Corporate Directors and Risk
Geopolitical-Cyber Risk Nexus: The interconnectivity brought by the Internet has caused regional issues that affect global cyberspace. Now, every significant event has cyber implications, making it imperative for leaders to recognize and act upon the symbiosis between geopolitical and cyber risks. See The Cyber Threat
Ransomware’s Rapid Evolution: Ransomware technology and its associated criminal business models have seen significant advancements. This has culminated in a heightened threat level, resembling a pandemic’s reach and impact. Yet, there are strategies available for threat mitigation. See: Ransomware, and update.
Challenges in Cyber “Net Assessment”: While leaders have long tried to gauge both cyber risk and security, actionable metrics remain elusive. Current metrics mainly determine if a system can be compromised without guaranteeing its invulnerability. It’s imperative not just to develop action plans against risks but to contextualize the state of cybersecurity concerning cyber threats. Despite its importance, achieving a reliable net assessment is increasingly challenging due to the pervasive nature of modern technology. See: Cyber Threat
Decision Intelligence for Optimal Choices: Numerous disruptions complicate situational awareness and can inhibit effective decision-making. Every enterprise should evaluate its data collection methods, assessment, and decision-making processes for more insights: Decision Intelligence.
Proactive Mitigation of Cyber Threats: The relentless nature of cyber adversaries, whether they are criminals or nation-states, necessitates proactive measures. It’s crucial to remember that cybersecurity isn’t solely the IT department’s or the CISO’s responsibility – it’s a collective effort involving the entire leadership. Relying solely on governmental actions isn’t advised given its inconsistent approach towards aiding industries in risk reduction. See: Cyber Defenses
The Necessity of Continuous Vigilance in Cybersecurity: The consistent warnings from the FBI and CISA concerning cybersecurity signal potential large-scale threats. Cybersecurity demands 24/7 attention, even on holidays. Ensuring team endurance and preventing burnout by allocating rest periods are imperative. See: Continuous Vigilance
Embracing Corporate Intelligence and Scenario Planning in an Uncertain Age: Apart from traditional competitive challenges, businesses also confront unpredictable external threats. This environment amplifies the significance of Scenario Planning. It enables leaders to envision varied futures, thereby identifying potential risks and opportunities. Regardless of their size, all organizations should allocate time to refine their understanding of the current risk landscape and adapt their strategies. See: Scenario Planning