Mike Baukes, Penn Energy
Cybersecurity has always had its share of doom and gloom. Like any industry focused on threats, risks, losses, and damage, cybersecurity doctrines have propagated a wide variety of imminent threats, malicious actors, and unknown blindspots. Many of these claims are true, and digital businesses have experienced no shortage of incidents to corroborate them. However, the multitude of threats and the infinite technical vectors they exploit have rendered such fire and brimstone proclamations somewhat toothless. Fatigue overtakes concern at a point, and future threats receive less respect than they otherwise would if there were fewer problems maintaining a digital enterprise.
Critical infrastructure, energy, and transportation have long been at the heart of these potential threats. As these crucial services began to digitize, they were exposed to new vectors of risk, and when it comes to services that can mean the difference between life and death, risk is taken seriously. For example, the NERC standards were developed to protect energy companies, specifically industrial control systems (ICS) which act as a gateway between cyberspace and machines operating in material reality. Nearly all of the systems that govern airlines and state infrastructure such as traffic and power grids have been digitized, and the potential for a cyber attack on these resources has never been higher.
But there’s one thing that will cause more potential risk for critical infrastructure than all of the other attacks and threats put together. Gartner estimates that 80-99% of all exploits will take advantage of it through 2020. It doesn’t require a skilled hacker, and every digitized company is subject to it: misconfigurations.
#Cyber Security #News#Cybersecurity#Infrastructure