In this tech-oriented world, a wide range of organizations and infrastructures are climbing onto the digital bandwagon. Artificial intelligence along with cognitive technologies are reshaping the dimensions of this globe at a swift pace. Without a doubt, the blend of artificial intelligence and machine learning results in the production of the most disruptive technological forces in the globe. According to the prediction of P&S Intelligence, the global retail market of artificial intelligence will surpass the figure of $4.3 billion by the year 2024.
Unfortunately with these technological innovations, we all are witnessing an extraordinary and unpredictable level of vulnerability. 81% of cybersecurity experts believe that there would be more cyber attacks in upcoming years. Keeping in view this threat, governments are straightening cybersecurity measures to fight a strong war against cybercriminals.
Secretary of Energy Jennifer M. Granholm claimed that
“ The United States will face evolving cyberthreats from malicious cybercriminals seeking to disrupt electricity on which American’s rely on to power their residential areas and businesses. It is up to both government and industries to take applicable measures for the prevention of possible harms.”
100 Days Plan
“On Tuesday, 20th April 2021, Biden’s administration issued a 100-day plan through the United States’s Power of energy to beep up cybersecurity in the nation's power grid, calling for industry leaders to incorporate such technologies that could combat attacks on electricity supply.”
If unsuccessful, the movement follows a high-profile cyber attack in Florida that resulted in the compromise of a water treatment plant. This highlighted a few of the cybersecurity vulnerabilities in the censorious infrastructure of America. The Energy Department claimed that the initiative would outline actionable steps for utility operators and owners that could assist them in the detection and fight back cyberattacks. Experts have affirmed that presumed industrial control systems should once in a while prevent commands from being deployed in case it is ever connected to the public internet as well as remote access.
After the following 2 alarming incidents, cybersecurity has been a point of convergence of the administration’s first 100 days:
- Microsoft Exchange server vulnerabilities that resulted in data breaching and exposure of thousands of systems across the globe.
- The SolarWinds Intrusion campaign by Russian hackers due to which 9 US agencies and numerous private organizations suffered.
CEO of Dragos, Inc which is basically a cybersecurity firm focusing on industrial cybersecurity, Robert M. Lee claimed that,
“This Biden’s administration plan for the enhancement of cybersecurity protocols is very encouraging and it seems to be done in unison with cross-government agencies and electric sector leadership.”
Positive Reaction of Industry to Cybersecurity Plan
The optimistic reaction is observed from the specialists of electric sector cybersecurity to the 100-day plan. According to specialists, they are trying to create a peaceful environment. It is difficult to work with numerous entities where few of them are owned privately and some are owned by the local government. The rest of them are amalgamations that are working together. All of them are integrated across the national grid with some basic standards.
Head of the Edison Electric Institute as well as point person for the CEO-led Electricity Subsector Coordinating Council (ESCC), Tom Kuhn said in a statement,
“We highly cherish and appreciate that the Biden administration is prioritizing cybersecurity operations. We are looking forward to working across industries along with key government agencies for the enhancement of visibility into these critical control systems for the improvement of situational awareness for emerging threats”
This Plan Still Does Not Address Some Cybersecurity Requirements
Unfortunately, this plan does not give an address to numerous mandatory electric sector security components, for example, information sharing which is significantly broken in the electric sector. There is a dire need for data breaching notification within infrastructures. Organizations are investing a hefty amount of security but they still do not have actuarial risk data. The Biden Administration could incentivize the acquisition of internationally known control frameworks such as NIST and IEC 62443, both of those are complementing each other.
One more issue which is not taken under consideration in the Biden 100-day plan is the significance of filling the cybersecurity skill gap. Asset owners struggle with the lack of cybersecurity talent which is currently available in the market to secure their systems that contain products from numerous vendors. It becomes an administration challenge for owners, integrators, and operators even if the vendor supply secures systems and products.
Final Verdict
After these many enhancements in security protocols, there still exists a possibility that the federal government makes the same mistake as they did in the past. The Founder and CEO of the cyber intelligence company Prevailion, Karim Hijazi, fears that we keep repeating the narrative. Hijazi does not have faith in the federal government just like numerous other cybersecurity experts.
The actual problem is not the identification of vulnerabilities of systems but acknowledging that adversaries already reside in the network is the case for virtually every major organization. According to industry experts, there is a dire need for continuous awareness of what’s going on within infrastructure so that the organization does not have something to fester for the next six months. The appropriate time of that adversary in these environments results is absolutely unconquerable over time. However, infrastructures should still take measures to enhance cybersecurity protocols to combat vulnerabilities and adversarial attacks.