Forcepoint's To The Point Cybersecurity
This year, our To The Point Cybersecurity podcast featured numerous experts who discussed everything from the war in Ukraine to election security. If you’re looking to better understand and secure critical infrastructure, these episodes are for you.
Have a listen, or better yet, to subscribe to our podcast today. Here's a quick summary of several critical infrastructure-related podcasts from 2022:
During this episode, Rob Lee, CEO and co-founder of cyber startup Dragos, discussed the degree to which organizations have misunderstood the interconnectedness of IT and operational technology (OT). As companies went through digital transformation, cybersecurity efforts tended to focus on the enterprise, while neglecting operations and critical infrastructure. However, Lee shared that the focus on OT is growing, in part due to high-profile hacks like the Sunburst attack, during which the adversary had direct remote control over portions of critical infrastructure.
Joe Uchill, senior reporter at SC Magazine, joined the podcast earlier this year to talk critical infrastructure as well. He dove into the cyber implications of the ongoing conflict in Ukraine, particularly regarding ransomware attacks. For example, Uchill cited the impact of the 2017 NotPetya attack, dubbed “the most devastating cyberattack in history.” While the attack was originally directed at Ukrainian tax software, the worming malware soon spread to major businesses across the globe—from Merck to Mondelez, driving concerns around the potential for another large-scale attack.
As the conflict in Ukraine continues, more cyberattacks are likely. Uchill noted that Conti, the most active ransomware as a service group, has expressed its intention to retaliate if Russian critical infrastructure is attacked by the West. He also discussed CISA’s Shields Up guidance, which urges organizations to be prepared for both direct cyberattacks from Russia (particularly as sanctions get more severe) and fallout from those directed at Ukraine.
As our next guest reminded us, the increase in cyber threats to critical infrastructure did not start with the Russia/Ukraine conflict and will not end with it. During the episode, Michael Daniel, President and CEO of Cyber Threat Alliance, shared concerns specific to the war. For instance, many companies hastily pulled out of Russia at the start of the war, leaving infrastructure and capabilities behind.
Daniel also offered insights on the nuances of information sharing and pertinent advice for those ready to improve their cybersecurity. In today’s landscape, the best approach is to raise your baseline of cybersecurity with tools that can protect against multiple threats.
Elections were officially recognized as critical infrastructure in 2017. The following year, the Election Infrastructure Information and Sharing Analysis Center (EI-ISAC) was formed. Marci Andino, who has served as the Senior Director of EI-ISAC for the past year, described how EI-ISAC helps states and localities improve their election security, from offering technology like intrusion detection devices to running an incident response team. Andino also touched on how EI-ISAC equips election officials to report misinformation, further securing the election process.
Andino was joined by Trevor Timmons, chairperson of the Executive Committee of EI-ISAC and CIO for the Colorado Secretary of State. Timmons applauded the progress we’ve made on securing elections, noting that the 2020 election was the most secure in history. Thanks to EI-ISAC, states and localities all have access to the same intelligence information alerts, warnings, and guidance. Still, new threats continue to arise and security procedures must continue to evolve. Check out the full episode to hear more about emerging threats like trusted insiders.
Finally, Dr. Herb Lin joined us to discuss how to stay ahead of cyber adversaries. Dr. Lin is a Senior Research Scholar at CISAC; a Hank J. Holland Fellow at the Hoover Institution at Stanford University; and author of the book Cyber Threats and Nuclear Weapons. He described why cybersecurity always feels like such an uphill battle.
As computer systems become larger and more complex, security becomes more challenging. Additionally, adversaries are always looking for new ways in. That’s why Dr. Lin remains skeptical about technology. Connecting everything to the Internet once seemed promising, but now seems risky—particularly if it can open the door to attacks on critical infrastructure. During the episode, Dr. Lin also comments on the number of small-scale cyberattacks faced on a daily basis and why there hasn’t been a cyber–Pearl Harbor catastrophe yet.
For a deeper dive into critical infrastructure, check out the full episodes. And to stay on top of all kinds of cybersecurity trends, tune into new episodes each week. They’re published every Tuesday. You can always listen to all the episodes here on Forcepoint.com.
Subscribe today wherever you get your podcasts via the links below: