A "Time of Heightened Tensions": Homeland Security and National Security Agency Issue Joint Cybersecurity Alert

Foley Hoag LLP - Privacy & Data Security

Foley Hoag LLP - Privacy & Data Security

On July 23, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), joined by the National Security Agency (NSA), issued a cybersecurity alert to operators of critical infrastructure.  This cybersecurity alert outlines a series of “immediate actions” companies should take to reduce the risk of operational interference resulting from cyberattack. Unlike the bulletin issued by the Department of Homeland Security in January of 2020, which warned of potential attacks by Iran in retaliation for United States’ killing of Major General Qasem Soleimani, the recent jointly-issued alert does not identify any specific individual or nation-state actor. Instead, the alert acknowledges, only in general terms, that this as a “time of heightened tensions.”

The alert identifies types of cyberattack activity recently observed, including spearphishing, utilizing commonly used ports, and use of vendor engineering software and program downloads. It then provides a detailed list of specific actions that companies should take, grouped under these broad operational areas:

  • Have a resilience plan for operational technology (“OT”);
  • Exercise your incident response plan;
  • Harden your network;
  • Create an accurate “as-operated” OT network map immediately;
  • Understand and evaluate cyber-risk on “as-operated” OT assets; and
  • Implement a continuous and vigilant system monitoring program.

In the energy space, owners of critical infrastructure assets have seen an unprecedented uptick in recent years of hacking and phishing attempts, including denial of service (“DoS”) attacks which are aimed at exploiting vulnerabilities in an entity’s firewall. In a DoS attack, multiple systems flood the network of a targeted system with traffic, usually one or more of its web servers, and disrupt service with the goal of rendering it unavailable to its intended users. A DoS attack on a generation facility could leave the grid operator without visibility for a prolonged period into the power operations generating hundreds of megawatts of electricity. The inability to monitor and manage power availability real-time raises the possibility of outages or blackouts. The majority of the attacks are smaller in scale, primarily aimed at disrupting communications, and have not resulted in any serious disruptions to service. High-profile events in Saudi Arabia (2017), Ukraine (2015, 2016), and South Korea (2014), demonstrate, however, that such serious disruption is possible.

The joint alert underscores the continued vulnerability of critical infrastructure to cyberattack and the need for, as stated in the alert, “continuous and vigilant monitoring” in an effort to prevent significant disruption to the nation’s bulk power supply.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Foley Hoag LLP - Privacy & Data Security | Attorney Advertising

Written by:

Foley Hoag LLP - Privacy & Data Security

Foley Hoag LLP - Privacy & Data Security on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.