As a result of attacks on SolarWinds, the Colonial Pipeline and Kaseya, 2021 can be regarded as a year of ‘cyber turmoil’. Is this what we can expect in the coming year? For many within industry, this is a reasonable question to pose.
Digital Journal reached out to experts at Telos in order to identify three industry trends of concern.
Critical infrastructure
According to Rick Tracy, CSO, Telos Corporation, one central concern relates to critical infrastructure. Protecting it requires close attention to each cybersecurity vulnerability.
This leads Tracy to state: “Absent mandates to implement even basic security measures, critical infrastructure will remain an easy target for cyber criminals in 2022.”
To demonstrate the point, Tracy cites: “Recently there have been warnings that water and wastewater systems are high priority targets. All critical infrastructure sectors pose clear security risks for our nation. Voluntary cyber risk management won’t help. There have to be incentives or penalties to encourage critical infrastructure organizations to take appropriate steps to manage cyber risk.”
Supply chain wobbles
Another area that will see intentional disruption is the supply chain. The weaknesses here have been identified by Ryan Sydlik, Security Engineer, Telos Corporation.
According to Sydlik: “COVID-19, and more specifically its aftermath, is affecting supply chains as recovery from the virus is uneven globally, resulting in unbalanced supply and demand between nations.”
This rocky situation leads Sydlik to say: “Expect cyberattacks on the supply chain to take an already backed-up situation and make it worse on already stressed supply chains. In addition to large corporations involved in global trade, small and medium players in the supply chain will be targeted in 2022 as adversaries recognize that these entities are the most vulnerable chokepoints that also have less robust security. A well targeted outage at the right place and time, could disrupt entire industries.”
Slow cyber-progress in the U.S.
While countries need robust cybersecurity legislation, this is unlikely to come out of the U.S., according to Robert DuPree, Manager of Government Affairs, Telos Corporation.
DuPree says that the White House is keen but Congress is slow: “Expect the Biden Administration to continue emphasizing the need for additional actions in 2022 to address cybersecurity vulnerabilities in the public and private sectors.”
However, beyond the state sector things are trickier, as DuPree finds: “With respect to the private sector, such efforts will mostly have to come through executive branch directives as Congress will again be reluctant to impose mandates on the private sector, with the exception of breach notification requirements. Congress will continue to provide some additional funding to beef up cybersecurity at key federal agencies, although it likely won’t be enough to meet the growing challenges. Finally, anticipate some legislative changes to FISMA and FITARA, as well as efforts to codify FedRAMP (if these do not happen before the end of 2021).”