Infrastructure Stakeholders Promote Cybersecurity Investments

Colonial Pipeline was the victim of a ransomware attack in May, resulting in temporary fuel shortages along the East Coast. (Luke Sharrett/Bloomberg News)


Nearly three months after a cyberattack against a prominent petroleum products distributor on the East Coast, groups representing various infrastructure sectors called for robust methods to protect the country’s freight and mobility grids.

Enhancing the government’s efforts to secure critical infrastructure from cyberattacks will require long-term investments and coordinated strategies, stakeholders told a Senate panel July 21.

“Recent incidents around the nation have raised red flags that we must remain vigilant in protecting these valuable assets. The nation has seen more than its fair share of cyberattacks, just within the past year,” Evan Pratt, with the American Public Works Association, told the Senate Environment and Public Works Committee, as he highlighted potential concerns in critical water, transportation, energy, medical, education and food sectors.



The American Public Works Association recommends federal agencies share threat information and provide technical assistance to state and local officials. The group also recommends comprehensive cybersecurity training for the public works sector. Said Pratt: “Multiple critical infrastructure sectors have been impacted by one or more cyber incidents, both malicious and accidental with varying degrees of impact.”

Shailen Bhatt with the Intelligent Transportation Society of America proposed that Congress dedicate additional investments to federal cybersecurity programs. He argued that underinvestment in critical infrastructure networks could lead to disruptions in supply chains.

“Just as we have underinvested in roads, bridges and tunnels over the last two decades, the same is true for cybersecurity; we have not made the investments necessary to protect our transportation system,” Bhatt told senators.


“Developing a resilient system begins with cybersecurity,” he went on. “The transportation sector needs to secure network infrastructure devices and enforce domain security.”

In examining the potential infrastructure cybersecurity threats nationwide, Environment and Public Works Committee Chairman Tom Carper (D-Del.) suggested a one-size-fits-all solution is not viable. The chairman called on colleagues to appreciate the value in a multi-agency approach for tackling ongoing concerns.



“At the federal level, we should build flexibility into our solutions so that state and local leaders have the tools they need to effectively address their unique cybersecurity challenges,” the chairman said. “Any federal assistance in cybersecurity should be structured to help these entities remain focused on their core missions.”

“Providing the tools to the government agencies, industry partners and stakeholders responsible for protecting our critical infrastructure from cyberattacks is essential,” added committee ranking Republican Sen. Shelley Moore Capito of West Virginia. “It is not a one-and-done event and we cannot have blinders on when it comes to envisioning potential threats, because we know those threats change daily.”



In May, President Joe Biden signed an executive order seeking to enhance federal capabilities to identify and safeguard against major cyberattacks.

The executive order requires certain federal agencies to create event logs designed to facilitate investigations in the event of a cybersecurity breach. It also establishes a cybersecurity safety review board. The order was primarily a response to the SolarWinds cyberattack by Russian intelligence that targeted nearly a dozen federal agencies, as well as the Colonial Pipeline cyberattack and the “Hafnium” attack on Microsoft Exchange users.

“The federal government shall employ all appropriate resources and authorities to maximize the early detection of cybersecurity vulnerabilities and incidents on its networks. This approach shall include increasing the federal government’s visibility into and detection of cybersecurity vulnerabilities and threats to agency networks in order to bolster the federal government’s cybersecurity efforts,” according to the executive order.

Congressional leaders say they are considering measures meant to enhance cybersecurity protections. Senior lawmakers on the intelligence panels, for instance, have signaled the potential for pursuing requirements on mandatory disclosure of cyberattacks.



“The recent Colonial [Pipeline], SolarWinds, and ‘Hafnium’ attacks have highlighted what has become increasingly obvious in recent years: That the United States is simply not prepared to fend off state-sponsored or even criminal hackers intent on compromising our systems for profit or espionage,” said Sen. Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence. “This executive order is a good first step, but executive orders can only go so far. Congress is going to have to step up and do more to address our cyber vulnerabilities, and I look forward to working with the administration and my colleagues on both sides of the aisle to close those gaps.”

“Given the sophistication and persistence of online actors, both nation-states and criminals, much more will need to be done. Imposing real costs on malicious actors, establishing a credible deterrence, and ensuring a strong response to the perpetrators of the Colonial Pipeline attack, including any nation that knowingly harbored them, must be a priority,” noted Rep. Adam Schiff (D-Calif.), chairman of the House Permanent Select Committee on Intelligence.
