In May, a ransomware attack on Colonial Pipeline Co., the operator of the largest petroleum pipeline in the United States, forced the company to shut down its entire fuel supply network for five days, creating a serious impact on social and economic activities in the U.S. East Coast.
According to an annual report on 10 major information-related security threats issued by the Information-technology Promotion Agency, Japan in February, ransomware has now become the greatest threat to the information security of both the government and the private sector.
What makes this threat even more serious is the fact that it is targeted at key infrastructure that supports people’s lives and economic activities.
There have been countless cyberattacks on critical infrastructure in the past, both successful and attempted. One serious case was an attack on SolarWinds Inc., a U.S. information security firm, that spread to its clients that had software contracts with the company.
SolarWinds’ software is used by major U.S. government institutions, the military and key infrastructure providers. The firm’s overseas clients include NATO and the European Parliament, as well as the U.K.’s Ministry of Defence and National Health Service.
A group of hackers secretly broke into SolarWinds’ systems and added malicious code into the software. The hack was done so stealthily that it went undetected for about 10 months until last December.
It is believed that confidential information was stolen from many users, but the extent of the breach is still under investigation.
Another concern regarding protection of critical infrastructure is the increase in the number of attacks targeting industrial control systems’ vulnerabilities.
A major blackout that hit parts of Ukraine in 2015 was caused by the malicious remote operation of power substations conducted by hackers who intruded into a power grid’s control system via virtual private network (VPN) connections.
In 2019, Norsk Hydro ASA, a Norwegian aluminum products company, was hit by a devastating ransomware attack, affecting its network across the world.
Earlier this year, hackers fraudulently accessed the control system of a water-treatment facility in…