Protecting Critical Infrastructure Such as Utilities and Banking from Cyber Threats

Protecting critical infrastructure such as utilities and banking from cyber threats is a top priority. These systems are the backbone of our daily lives, providing essential services like electricity, water, and financial transactions.

A single cyber attack on a utility company could leave millions without power, causing widespread disruption. As seen in the article, a notable example is the 2015 cyber attack on Ukraine's power grid, which left 225,000 people without electricity for several hours.

The banking sector is also a prime target for cyber threats, with hackers seeking to steal sensitive customer information. In fact, the article highlights that in 2020, a major bank suffered a data breach, exposing the personal data of over 100,000 customers.

To mitigate these risks, organizations must implement robust security measures, such as regular software updates and employee training on cybersecurity best practices.

Critical infrastructure, such as utilities and banking, is a prime target for cyber threats. These threats can come from a variety of sources, including cybercrime threat actors, insider threat actors, and state-sponsored cyber threat actors.

Ransomware is a particularly effective form of malware that denies users access to systems or data until a sum of money is paid. This can have devastating consequences, especially for essential services like healthcare and manufacturing.

Cyber threats can also involve stealing mission-critical information, locking sensitive files, or leaking proprietary or compromising information. This can have serious consequences, including damage to national security, public safety, and economic stability.

Insider threats can result from anyone who has knowledge of or access to an organization’s infrastructure and information and uses it to cause harm. This can be particularly damaging, especially in critical infrastructure sectors.

Denial-of-service (DoS) attacks can render large parts of a critical infrastructure sector unavailable and cause potentially catastrophic failure. This can have serious consequences, including disruption of essential services and financial losses.

A unique perspective: Asian Infrastructure Investment Bank

Cyber attacks on critical infrastructure can have serious and devastating consequences.

Interruptions to basic essential services like electricity, water, and natural gas can happen, leaving us without the things we need to survive.

Disruptions in production and supply of food and medical supplies can also occur, affecting our daily lives and well-being.

Loss of overall public trust and confidence in the economy, national security, and defence, as well as in democratic processes, can happen as a result of cyber attacks.

Damage to the environment and risk to public health from chemical spills, toxic waste discharges, or hazardous air emissions are possible consequences.

Lost revenue, reputational risks, job losses, or legal consequences for companies and employees are just a few of the many financial and professional impacts.

Disruptions to hospital operations, or even compromised medical devices, can lead to loss of life, which is a devastating outcome.

Here are some of the potential impacts of cyber attacks on critical infrastructure:

Implementing firewalls, virtual private networks (VPN), and multi-factor authentication (MFA) for remote access connections can significantly reduce the risks of cyber attacks on critical infrastructure.

Cyber attackers are becoming increasingly sophisticated, aiming at larger targets such as federal and state government databases, regional utilities, health care systems, and large credit card and consumer shopping enterprises.

To protect against these threats, critical infrastructure operators should automatically patch their operating systems and applications, replace devices and products that are past their end of life, and implement offline backups that are tested frequently.

By doing so, they can prevent malware from spreading and infecting their corporate networks, and ensure they can recover quickly in the event of an incident.

Critical infrastructure protection is a top priority for the United States, with 16 critical infrastructure sectors identified as essential to national security, public health or safety, the economy, or all the above.

The threats to these sectors are growing more complex by the day, whether they are digital, physical, man-made, technological, or natural.

Cybercrime threat actors may target critical infrastructure sectors for financial gains, while insider threat actors may target for personal reasons, such as an act of revenge by disgruntled former employees or customers.

Cyber threats to critical infrastructure sectors can involve stealing mission-critical information, locking sensitive files, or leaking proprietary or compromising information.

A unique perspective: Nepal Infrastructure Bank Limited

The federal government has taken steps to improve critical infrastructure protection, including the formation of CISA in 2018 to coordinate efforts with partners across the country to make critical infrastructures more resilient and secure.

President Biden has also announced additional actions to protect the nation's critical infrastructure, including a directive to CISA and the Department of Commerce's National Institute of Standards and Technology to develop cybersecurity performance standards for critical infrastructure.

The Department of Energy is working towards a 100 percent carbon-free power sector by 2035, which will require grid modernization and the development of new cybersecurity standards to protect the grid from threats.

Protecting critical infrastructure requires a multi-faceted approach that includes implementing security measures such as firewalls, VPNs, and multi-factor authentication, as well as developing incident response plans and training employees on cyber security best practices.

See what others are reading: Banking Infrastructure

In the past, public utilities like electricity and water were considered natural monopolies due to the high cost of building and maintaining infrastructure.

The cost of adding another customer to a utility's system is relatively small once the initial assets are in place, making duplication of facilities wasteful.

Historically, utilities were either government monopolies or regulated by a public utilities commission.

The electric utility industry began to shift away from monopoly regulation in the 1990s with the Federal Energy Regulatory Commission's Order No. 888.

This order mandated that electric utilities open access to their transmission systems to enhance competition.

The order also promoted the role of an independent system operator to manage power flow on the electric grid.

FERC Order No. 889 established an electronic information system called OASIS, which gave new users of transmission lines access to the same information available to the owner of the network.

The restructuring of the traditional monopoly-regulated regime led to a competitive market where all bulk power sellers could compete.

In some 19 states, "customer choice" was implemented, giving retail electric customers the option to be served by non-utility retail power marketers.

Explore further: In a Fractional Reserve Banking System Banks Create Money Because

Utilities and Banking are crucial to our daily lives, providing essential services that we often take for granted. The average American household uses over 300 gallons of water per day, highlighting the importance of reliable water supply systems.

Power outages can have significant economic impacts, with a single hour of lost power costing the US economy up to $4 billion. This emphasizes the need for robust and resilient power grids.

A well-functioning banking system is also vital, with the US banking industry holding over $17 trillion in assets, serving as a cornerstone of the country's financial infrastructure.

OT and ICS systems are a prime target for threat actors, who may disrupt or compromise them to gain access to critical infrastructure or spread malware.

OT and ICS systems are used to automate industrial processes in various sectors, such as manufacturing, and are often connected to the internet or other networks.

Threat actors may focus on disrupting OT or ICS systems to gain a competitive advantage or cause physical harm.

CI providers rely on ICS to remotely monitor and control their physical devices on their infrastructure, making it a major subset of OT.

OT and ICS systems are attractive targets for threat actors because they can be used as pathways for phishing schemes, spam, or malware attacks.

Water supply systems are crucial for providing drinking and industrial water to the population. They rely on various sources, including rivers, lakes, and groundwater.

The quality of water in some regions is a concern, which highlights the need to improve water quality. This can be achieved by increasing the efficiency of water resources use.

Here are some key sources of water used in water supply systems:

It's essential to address the issue of water quality in some regions to ensure a reliable water supply.

Utilities are often considered stable investments because they provide regular dividends to shareholders and have more stable demand.

One of the reasons utilities are attractive investments is that their dividend yields are usually greater than those of other stocks, making them a good choice for long-term buy-and-hold strategies.

The utility sector is often part of a long-term investment plan because it is less volatile than other sectors.

Utilities require expensive critical infrastructure, which needs regular maintenance and replacement, making them a capital-intensive industry.

A utility's capital structure may have a significant debt component, which exposes the company to interest rate risk.

If interest rates rise, the company must offer higher yields to attract bond investors, driving up the utility's interest expenses.

Here are some alternative pricing methods used in the utility industry:

These pricing methods have their own set of drawbacks, such as the potential for overcapitalization or a loss of service area.

Public utilities can be either privately owned or publicly owned, and the ownership structure has a significant impact on how they operate.

Publicly owned utilities are non-profit, which means they don't aim to make a profit from their customers. This is in contrast to private utilities, also known as investor-owned utilities, which are owned by investors and operate to make a profit.

Cooperative utilities, which are owned by the customers they serve, are usually found in rural areas and are a type of publicly owned utility.

A fresh viewpoint: Chase Bank Warns Customers to Prepare for Higher Banking Fees.

Critical infrastructure such as utilities and banking is often concentrated in urban areas, where population density is higher and the demand for services is greater.

These areas typically have complex regulatory frameworks, with multiple government agencies and laws governing the operation of critical infrastructure.

In the United States, for example, the Federal Energy Regulatory Commission (FERC) has jurisdiction over the interstate transmission of electricity, while state public utility commissions regulate the distribution of electricity within their borders.

The geographic concentration of critical infrastructure also creates challenges for emergency responders and disaster relief efforts, as seen in the aftermath of Hurricane Katrina, which devastated the city of New Orleans and its critical infrastructure in 2005.

The United States has a long history of public utilities, with the first one being a grist mill erected on Mother Brook in Dedham, Massachusetts, in 1640.

Public utilities in the U.S. provide essential services to residential, commercial, and industrial consumers. They buy and sell bulk electricity at the wholesale level through regional transmission organizations (RTO) and independent system operators (ISO) within one of three grids: the Eastern Interconnection, the Texas Interconnection, and the Western Interconnection.

Utilities in the U.S. have historically operated with high financial leverage and low interest coverage ratios, which was acceptable to investors due to industry regulation. However, recent bankruptcies have challenged this perception.

In the U.S., public utilities are regulated, which has helped to minimize bankruptcy risk due to the essential services they provide.

Additional reading: Banks and Banking Services

Regulation plays a vital role in ensuring that public utilities operate fairly and efficiently. In the United States, public utilities commissions (PUCs) are governmental agencies that regulate the commercial activities of utility companies.

These commissions are typically composed of commissioners appointed by governors and dedicated staff who implement and enforce rules and regulations, approve or deny rate increases, and monitor/report on relevant activities. The California Public Utilities Commission and the Public Utility Commission of Texas are examples of PUCs that regulate utility companies in their respective states.

A key principle of ratemaking in the US is that rates paid by customers should be set at a level that allows utilities to provide reliable service at a reasonable cost. This principle guides the work of PUCs in setting rates and ensuring that utilities operate in a fair and efficient manner.

The focus of PUCs has shifted over the years from upfront regulation of rates and services to oversight of competitive marketplaces and enforcement of regulatory compliance.

Related reading: How Long Should You Keep Utility Bills and Bank Statements