In a word, the answer is very. The cybersecurity threats aimed at critical infrastructure, which includes power grid networks, oil pipelines, water systems, air traffic control (ATC), and railroad system, have not only become more sophisticated in nature, they're increasing in number according to the latest reports from the Department of Homeland Security.
Dealing with the United States Dependency Challenge
These ongoing security threats highlight the complete dependency of the United States on interconnected critical services and system networks. As a result, the North American Reliability Corporation (NERC) is increasing regulatory requirements for Critical Infrastructure Protection (CIP) to enhance information security and data breach protection.
Additionally, NERC intends to strengthen measures designed to support vital facilities, systems, and organizations so that they're meeting basic requirements and compliance standards to protect sensitive data and address cybersecurity issues in critical infrastructure areas.
A Prime Example
Town manager Todd Selig, of Durham, a southeastern New Hampshire town of almost 15,000 residents was interviewed by CBS Boston news after a ransom request. The request, involving police department computer files, was instigated by Cryptowall, a new type of malware. The issues began when an officer received and opened an email message that included a seemingly benign attachment [1].
The party responsible dictated that after the ransom is paid, the police department's computer files will be released. Selig was quoted by CBS as saying there would be no deal in exchange for the release of police files from the infected and computer hard drives. The final outcome remains to be seen. However, Cisco researchers stated that the threat should be viewed seriously based on past experience where other ransomware threats have actually made good on the warnings of data destruction.
What happens if this ransom strategy is used in LA, New York City, Washington, D.C., or Chicago?
There's no question that ongoing risk assessment, integrity checking, and best industry practices are vital for enterprises, energy suppliers, corporations, etc. Over the past several months, malware has been found within the networks of energy giants. If they can become targets, what about your company?
References
[1] http://boston.cbslocal.com/2014/06/06/virus-infects-police-computer-syst...
