EP13: Industrial cyber infrastructure vulnerabilities episode artwork

EPISODE · Oct 22, 2024 · 11 MIN

EP13: Industrial cyber infrastructure vulnerabilities

from Geopolitics Unplugged · host GeopoliticsUnplugged

Summary: In this episode, we discuss the vulnerabilities of the US industrial cyber infrastructure, particularly the power grid, water management, and communications systems. We highlight how outdated technology, weak security practices, and a lack of sufficient separation between operational and IT networks as contributing factors to these vulnerabilities. While there are agencies like CISA working to address these issues, we discuss that more needs to be done to prevent attacks, rather than simply responding to them after they occur. We explore the need for better cybersecurity measures to protect critical infrastructure from exploitation, especially from foreign actors.  Questions to consider as you read/listen:What are the main vulnerabilities in the US's industrial cyber infrastructure, and how are they being addressed?What are the consequences of these vulnerabilities, and what are the potential impacts on critical infrastructure and national security?How can the US improve its cybersecurity posture to better protect its critical infrastructure from cyberattacks? Long format: Industrial cyber infrastructure vulnerabilities  There is a very large issue here in the US that is fairly well known in the national intelligence and even private corporate security corridors which is the US’s industrial cyber infrastructure vulnerabilities including but not limited to the power grid, water management, internet, communications, and industrial control system. To me, it seems like we have a lot of congressional hearings and a lot of workshops and a lot of speeches and a lot of blue ribbon panel commissions ADMIRING the problem. But that seems to me to be all that we are doing largely. Admiring the problem. Not solving it.Many industrial control systems (ICS) use legacy protocols and hardware with limited security features, making them susceptible to exploitation. Weak passwords, lack of multi-factor authentication, and inadequate user management practices can enable unauthorized access to critical systems allow for “brute force” attacks into critical areas. And this is thought at least as of now to be the way that the Chinese accessed these telecoms. In previous attacks attributed to Salt Typhoon/Ghost Emperor, the threat actor used a custom backdoor called SparrowDoor, customized versions of the Mimikatz tool for extracting authentication data, and a Windows kernel-mode rootkit Demodex. (https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/ and https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/#:~:text=In%20previous%20attacks%20attributed%20to,Windows%20kernel%2Dmode%20rootkit%20Demodex and https://www.channelfutures.com/security/salt-typhoon-hacks-att-verizon-lumen ) Insufficient separation between operational technology (OT) networks and IT networks can allow attackers to move laterally from one system to another. Inadequate logging and intrusion detection capabilities can hinder the ability to identify and respond to malicious activity. A lack of meaningful SCADA. I read about the Cybersecurity and Infrastructure Security Agency (CISA). They have issued guidelines and best practices and there has been some limited legislation like the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) which mandates reporting of cyber incidents by critical infrastructure entities, allowing for faster response and threat analysis. I read about the DOE’s Energy Threat Analysis Center. And that’s all fine and good to report AFTER an incident and autopsy it, but what is better perhaps is to look at prevention. Are we ever going to get past the point of issuing white papers and reports and past the point of needing to do autopsies and actually look at the health of the proverbial patient and try to do things that avoid the need for an autopsy?Sources:  https://commercial.allianz.com/news-and-insights/expert-risk-articles/cyber-attacks-on-critical-infrastructure.html#:~:text=Recent%20years%20have%20seen%20growing,priority%20issue%2C%E2%80%9D%20he%20explains https://www.energy.gov/policy/articles/cyber-threat-and-vulnerability-analysis-us-electric-sector#:~:text=With%20utilities%20in%20the%20U.S.,physical%20security%20related%20events%20that https://www.forbes.com/sites/chuckbrooks/2023/02/15/3-alarming-threats-to-the-us-energy-grid--cyber-physical-and-existential-events/ https://www.esecurityplanet.com/cloud/industrial-control-systems-cyber-security/ https://www.cisa.gov/sites/default/files/recommended_practices/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf  https://cbsaustin.com/news/nation-world/national-security-agency-investigates-chinese-hack-of-3-telecommunications-companies-att-verizon-lumen-technologies-surveillance-federal-government https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit geopoliticsunplugged.substack.com/subscribe

NOW PLAYING

EP13: Industrial cyber infrastructure vulnerabilities

0:00 11:50

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

The Power and The Punchline Unplugged Studios *THE POWER AND THE PUNCHLINE*Hosted by *Mick Hunt* and *Rudy Rush*Two worlds. One mission. Power and perspective meet comedy and culture.Mick Hunt, the modern voice of self-improvement and purpose, joins forces with Rudy Rush, nationally recognized comedian, TV host, and one of the sharpest talents in the industry. Together, they deliver a show that proves growth does not have to be serious, and laughter does not mean you are not learning.Each episode dives into honest conversations about life, culture, purpose, relationships, success, and the BECAUSE that keeps us moving. The power comes from the truth. The punchline makes it unforgettable.If you want conversations that make you think, laugh, and grow at the same time, this is your space.*Because sometimes the best lessons come with a laugh.* The Brendan Ecker Influence Brendan Scott Ecker The Brendan Ecker Influence is hosted by Brendan Scott Ecker — a 27-year-old American entrepreneur, Michigan real estate agent, CEO of Gold Shark Media Ai, founder of PassRE USA, investor, law enforcement officer, former NCAA two-sport athlete, and author of Beyond the Beat and How I Made My Dorm My Office.Ecker went from a middle-class “Matrix” upbringing to building a fast-growing digital brand, scaling multiple businesses, and growing a YouTube channel with over 27,000 subscribers. With a background in Criminology, law enforcement, and competitive athletics, he blends discipline, strategy, and mindset into everything he teaches.On this podcast, Brendan breaks down the real frameworks behind wealth, business, real estate, marketing, AI, geopolitics, mindset, and personal growth. He discusses the journey in growing his businesses, documenting the wins, failures, and the tactical steps that helped him escape Ignition Zone Ignite to Rise Life Coaching Hey, I see you. You’re running a business, handling all the things, and somehow, you’re still answering emails at 10 PM.You tell yourself, ”Just one more thing,” but somehow, one more thing turns into one more hour.Sound familiar?Welcome to ”Ignition Zone,” the podcast for high-achieving women who are ready to set boundaries, unplug, and still keep their business thriving.I’m Crystal Cornacchia, The Unplugged Success Coach, and I help women like you reclaim your time without feeling guilty or losing momentum.Each week, I’ll give you quick, no-fluff episodes packed with simple strategies to:✔ Stop overworking and take back your time✔ Set boundaries that actually stick✔ Unplug without your business falling apart✔ Grow your business without being on call 24/7This is for you if you want to step back without stepping away and finally build a business that doesn’t need you every second of the day.New episodes drop every Tuesday on Spotify, Apple Podcasts, and igniteinnovation.net. Peak Prosperity Chris Martenson Peak Prosperity provides answers to those who question the mainstream narrative on the critical issues of our day by providing context, clarity, and understanding around seemingly complex systems. Topics include economy, energy, environment, and geopolitics.

Frequently Asked Questions

How long is this episode of Geopolitics Unplugged?

This episode is 11 minutes long.

When was this Geopolitics Unplugged episode published?

This episode was published on October 22, 2024.

What is this episode about?

Summary: In this episode, we discuss the vulnerabilities of the US industrial cyber infrastructure, particularly the power grid, water management, and communications systems. We highlight how outdated technology, weak security practices, and a lack...

Can I download this Geopolitics Unplugged episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!