The United States’ pipeline infrastructure, which carries oil, natural gas, and other commodities, is made up of nearly 3 million miles of pipelines. This vital enabler of domestic economic and national security is under constant threat of cyber attack due to its increasing reliance on automation through information technology.

Hackers recently attacked computer systems belonging to the Colonial Pipeline company, forcing them to shut down operations and inhibiting delivery of diesel fuel, gasoline, and jet fuel throughout the East Coast of the United States. The company has responded quickly but cautiously and expects to resume normal operation very soon. In the meantime, a declaration of emergency from the White House allows extended operation of other means of petroleum transport.

Original article published by Signal Magazine here.

Many federal government agencies are interested in improving their cybersecurity by moving to a zero trust architecture model. But such a move, while very beneficial to the organization, is a complex and involved process that requires some fundamental changes in how security and operations are approached, says Don Maclean, chief cybersecurity technologist for DLT Solutions.

Earlier this year, a downright chilling cyberattack against our nation’s critical infrastructure was exposed and reported in Oldsmar, Florida, a town of fewer than 14,000 people just outside of Tampa. The attack was targeted against a local water treatment facility and – if successful – could have managed to poison the area’s water supply.

According to the 2020 Verizon DBIR, (Data Breach Investigations Report) there were 3,950 confirmed breaches in 2020. The onset of the COVID pandemic resulted in a drastic increase in exploitable vulnerabilities, phishing attempts, ransomware campaigns, and remote compromise attempts.

Crises and disasters are unavoidable; especially, from the perspective of information security professionals, whose adage is to "assume you've already been hacked." It would be naïve to assume that any network was impervious to adversarial campaigns. The difference between a cybersecurity novice and a leader isn't whether they can infallibly prevent incidents; rather, the distinction lies in how they respond to crises, mitigate impacts, remediate compromises, and incorporate lessons into their risk assessment, policies, and response plans.

An organization's personnel can be the strongest or weakest element of any security strategy. In times of national crisis, such as the COVID-19 pandemic, tensions can run high, and conventionally manageable stresses can accumulate and degrade focus, performance, and mental bandwidth.

Cybersecurity attacks have been a part of the national security conversation since the beginning of the technological age. However, with a significant changes in 2020, we have seen more intrusions in the first half of 2020 than throughout all of 2019 (as reported by NETSCOUT). A new wave of highly sophisticated attacks has evolved with fear tactics and the change of work environments from offices to work from home. 

Election day has come, and it has gone, with a few states still counting votes, the projected President-elect is Joseph R. Biden, with Vice President-elect Kamala Harris making history as the first African and Asian American women to be elected to higher office. However, just because the election is over does not mean that the task of securing the U.S. elections infrastructure stops; in fact, the work must continue. 

With election day upon us, and with millions already mailing in their ballot or taking advantage of early voting, it is safe to say this election will be like no other. However, this record-breaking turnout does not slow down bad actors from Iran and Russia from interfering in the upcoming election. According to a recent announcement from the FBI, both Iran and Russia have obtained US voter information.