South Africa Under Attack
Recently in the news, the city of Johannesburg in South Africa has been making headlines after a major cyber attack.
Johannesburg is the financial capital of South Africa. So, when their main electricity provider, City Power, fell victim to a ransomware attack, headlines couldn’t help but be made.
Continuing, when the company became infected with ransomware, the city completely lost power.
The ransomware didn’t stop at just cutting off the power. It also prevented the company from performing several of its main network functions. This includes but is not limited to accessing databases, their website, customer information and much more.
City Power is still trying to recover from the attack. Luckily, the attackers were not able to make it all the way into their main network.
If the attackers had the ability to cause this much damage and not even have access to everything, one can only imagine what could have happened if the did.
Other Attacks on Cities
After reading about the attack in South Africa, it made me start thinking about how electrical grids and infrastructures could become the next big target for cyber criminals.
As per the news once again, cities across the world (including the US) have been facing many ransomware attacks. Cities like Baltimore and Lake City, Florida have paid hundreds of thousands of dollars to hackers to regain access to their systems after attacks.
The possibility to take the attacks even further is a major concern, and one that government and companies should begin to take seriously and consider.
Infrastructure Security Now
To begin understanding where the security of electrical grids and the infrastructure of the US stood currently, I found a report titled, Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector.
This report presented a detailed analysis of what threats and vulnerabilities the US will or currently faces in regard to attacks on electricity infrastructure.
The main takeaways are as follows: (directly quoted)
- Growth of networks and communication protocols used throughout ICS networks pose vulnerabilities
- Threat actors on multiple fronts continue to seek to exploit cyber vulnerabilities in the U.S. electrical grid.
- Utilities often lack full scope perspective of their cyber security posture.
- The assortment of regulatory standards and guidelines applicable to utilities regarding cyber security practices produces varied methods of adoption.
- Utilities expect more qualitative, timely threat intelligence from existing federal information sharing programs.
(To read the full paper and for a more in-depth look at the analysis of the US Electrical / Electricity infrastructure, click here)
After reviewing the assessment, I can take away that security measures are put in place. If not, the US would be completely vulnerable. But, the procedure and protocols in place need to constantly be improved upon in order to keep up with outsider threats.
In The Future
All in all, there will always be evolving threats on various fronts in the US and around the world. What many need to realize is that, what we have in place (regarding cyber security measures) is just “getting us by” currently.
Do the protocols and procedures prevent most cyber criminals from completing their attacks? Yes. Subsequently, cyber criminals are evolving, and our security protocols need to evolve as well.
In this paper, I hoped to shed some light on the issue. Governments must seek protection and prepare for attacks like the one in South Africa.
Moreover, it goes without saying to mention how important electricity and infrastructure safety is. As a population, we depend on being connected. Above all, our means of communication, livelihood and careers depend heavily on the ability to connect.
If a cyber criminal continue to make strides and execute more intricate attacks on such systems, while we stand still, it will be lights out for all of us. (literally)
By Taylor Ritchey
Firstly/secondly, further, and, moreover, in addition
Meanwhile, during, subsequently, after that
Likewise, similarly, in the same vein
In conclusion, to sum up, in short
Therefore, as a result, so, consequently
That is to say, in other words, to clarify