NOTEBOOK: Cyber threat level against private businesses urgent, White House warns in national memo
KATE HAYDEN Jun 14, 2021 | 1:04 pm
2 min read time
459 wordsBusiness Record Insider, Innovation and Entrepreneurship, Retail and Business, The Insider Notebook
Des Moines Area Community College recently announced an investigation into a cybersecurity incident first identified on June 2. The investigation prompted DMACC’s information technology department to voluntarily shut down all online instruction and the telephone system beginning June 3. (At time of press, the investigation was still ongoing – check businessrecord.com for the latest news updates.)
The voluntary system shutdown at DMACC occurred on the same day President Joe Biden’s administration warned U.S. businesses to take urgent cybersecurity measures.
In a memo, the White House warned that escalating cyberattacks are disrupting critical infrastructure in the nation, including the recent cyberattack on JBS USA, which owns meat processing plants in Marshalltown, Ottumwa and Council Bluffs.
Deputy national security adviser Anne Neuberger wrote that the Biden administration is working with partners to “disrupt and deter” attacks that deployed ransomware, reported by the New York Times and other national outlets. Biden signed an executive order on May 19 implementing new requirements to modernize cybersecurity defenses for the federal government and private sector industries.
“It’s a call to arms, and there are things businesses can do,” said Doug Jacobson, professor of electrical and computer engineering at Iowa State University. “This call didn’t give us something new to do. It may have made some companies think about the fact that they need to do more.”
Although all sectors are vulnerable to cyber incidents, organizations in critical infrastructure sectors are under extra scrutiny after a ransomware attack on Colonial Pipeline led to a six-day fuel supply shutdown, affecting nearly half of the East Coast.
“JBS was the first major volley at the ag sector. [Iowa] produces a lot of alternative energy, biodiesel and ethanol,” Jacobson said. “In the case of both Colonial Pipeline and JBS it affected their front-end systems, but that stopped them from being able to carry out their business.”
Cybersecurity specialists are now emphasizing security practices that block third-party intruders from easily navigating an organization’s internal network. Organizations that leave their internal networks open to navigate do so for convenience — it’s easy for both approved network users and internal intruders to navigate. Segmenting one network into multiple smaller networks can disrupt an intruder’s path through network computers in the organization.
“A good analogy is going into a giant warehouse, with no walls, no guards, no cameras. I can steal pretty much anything I want once I’m inside a warehouse,” Jacobson said. “If my warehouse consisted of thousands of locked cages, it’d be much more difficult for attackers to get things. There’s a trade-off there. But that’s the sort of idea, making it difficult so that once [intruders] come in, they can’t go from computer to computer.”
“Having a plan of what you’re going to do is critical,” he added.