The World Economic Forum in Davos last month delivered a clear message: We need a global response to the approaching “cyber storm.” According to the WEF Global Cybersecurity Outlook 2023 report, over 93% of cybersecurity experts and 86% of business leaders believe that “a far-reaching catastrophic cyber event is expected to occur in the next two years.” During panels held at the conference, there was also widespread concern that governments would increase their support for, or direct involvement in, disruptive cyber operations. This particularly includes malicious cyber activities carried out by countries such as Russia and North Korea.
It was very clear to Davos attendees, myself included, that critical infrastructure cybersecurity is a main concern for world leaders and there is growing awareness that it has a significant impact on the resilience of countries.
Critical infrastructure underpins so much of our daily lives, including our access to electricity, water, and health services, as well as manufacturing plants, oil and gas providers, and more. Attacking them could result in direct harm to human life, the environment, and the economy. As these previously air-gapped systems become increasingly connected to IT and the cloud, legacy industrial machinery that is often decades old becomes exposed to new kinds of cyber threats that it was never designed to withstand. A cyber attack on critical infrastructure has the potential to impact public safety and disrupt access to the vital services that power a community, city or country.
The issue received another push from the Biden administration. At the start of the year, it was announced in the Washington Post that the administration will soon unveil a national strategy that, for the first time, calls for comprehensive regulation in the field of cybersecurity of U.S. critical infrastructure, with an explicit acknowledgment that the years in which the U.S. took a voluntary approach failed to secure the nation against cyber attacks.
Three main factors, interwoven with each other, have led us to a dramatic warning about the growing cyber threat to critical infrastructure:
First, the digital revolution, which gained momentum during the Covid-19 pandemic, enabled many organizations to continue operating and providing services remotely during the closures. However, this also increased the attack surface for threat actors to exploit. Critical infrastructure, which even pre-Covid was more vulnerable to attacks, has become a significant weak point. Cybercriminals who are aware of its security weaknesses began to focus on it more than ever.
Second, the war between Russia and Ukraine, which includes a combination of physical combat and cyber warfare, has led to the leakage of sophisticated cyber tools into the sphere of cybercrime around the world. Many new attack tools have found their way into the hands of cybercriminals on dark web trading sites. Moreover, cybercriminal groups have become stronger as well, now selling attack tools as-a-service and enabling more criminals to breach victim organizations, steal data, encrypt data for ransom, and more.
The third main factor is the global economic downturn. Most businesses are under growing pressure to generate revenue and operate at maximum capacity, which means that they tend to be more willing to bend to the demands of cybercriminals and pay a ransom, for example, to keep production moving and avoid reputational damage. Surrendering gives cybercriminals more resources to carry out more attacks, and in many cases, they will target the same organization repeatedly.
During panels held in Davos, calls were made for more cooperation between countries to strengthen their cyber resilience, help each other quickly recover from inevitable cyber attacks, and face challenges such as climate change, geopolitical conflicts, and the economic downturn together. Moreover, experts suggested that there is great importance in sharing information between countries and private organizations.
“This is a global threat, and it calls for a global response and enhanced and coordinated action,” Interpol Secretary General Jürgen Stock said in Davos. “The key to winning the battle against cybercrime is, of course, to work together to make it a priority across the geopolitical fault lines.”
Beyond that, I believe that there is a need for in-depth cooperation between government bodies, which control critical infrastructures, and commercial technology companies. Cooperation in research, education and training, and understanding the needs, problems and challenges of critical infrastructure, is essential for promoting resilience at the nation-state level.
In one of the panels, one of the cyber experts presented Singapore’s Cyber Security Act as a good example of cooperation. The act, which went into effect in August 2018 and is currently under review, defines who is responsible for the cybersecurity of critical infrastructure in essential sectors such as water, energy, and healthcare. It also includes a code of practice for critical infrastructure operators to improve their cyber defenses.
In Israel, the main challenge at hand is building a culture of cybersecurity throughout the critical infrastructure ecosystem. Israeli technology companies are creating the most advanced cybersecurity solutions in the world, but there is still a mismatch between our technological capacity and the security of our own critical infrastructure at home.
Yaniv Vardi is the CEO of Claroty