As cyberattacks continue to grow both in numbers and sophistication, establishing cybersecurity for infrastructure projects and organizations is more crucial than ever before. 2020 was a record-breaking year for cyberattacks, with malware increasing by 358% and the number of organizations impacted by ransomware more than doubling globally.
While all organizations are potentially vulnerable to cyberattacks, the infrastructure industry has become a common target. Why? The largest contributing factor is that infrastructure companies tend to not prioritize upgrading their software systems. Deferred maintenance of software systems may seem to save time and money (and require no effort) in the short-term,but creates potential long-term complications and costs that far outweigh the momentary ease of sticking to the status quo. In fact, the longer these systems go without modernization, the more expensive they ultimately become to maintain.
This issue is not distinctly infrastructure-related: 70% of businesses do not complete their digital transformation plans. However, cybercriminals are aware that infrastructure companies are particularly hesitant to upgrade—and therefore they are frequent and appealing targets. A lack of employee training further compounds this issue: Employees are often not provided with the tools and knowledge to avoid exposing their organizations to even further risk.
One recent example of an infrastructure cyberattack was last April’s breach of the Colonial Pipeline Co.’s network. After accessing the network via compromised password, cybercriminals stole 100 gigabytes of data from Colonial Pipeline and threatened to leak the information if a cryptocurrency ransom was not paid. This ultimately led to a complete, precautionary shutdown of the entire pipeline —the first in its 57-year history.
Why are home-grown, in-house/ “legacy” tech solutions so vulnerable to cybercrime?
Many government agencies rely on decades-old systems that are incapable of integrating with other systems. While they may be familiar and comfortable, they present significant risks. They frequently introduce a single point of failure, and the vast majority of these legacy systems have not been updated with security measures to appropriately address modern day ransomware. As such, they are alluring targets for hackers and require less effort to breach.
Some agencies have developed internal software systems to counteract this issue—but this approach is ultimately more costly and inefficient than simply migrating to a modernized, cloud-based system. Internal software systems not only require a dedicated in-house staff for training and maintenance purposes, they lack the ability to evolve, integrate with other solutions, and ultimately, require additional management, reporting, and budgetary requirements.
What can owners do to protect large public infrastructure from cyber criminals?
Migration to a cloud-based system is key to both security and innovation. Infrastructure agencies can protect their data from cyber attacks by replacing legacy systems with modernized solutions. Doing so provides a multi-layered security approach that mitigates threats before they can become severe cyberattacks.
Infrastructure owners, specifically, stand to benefit immensely from adopting a cloud solution. Despite past hesitation to modernize, the needle is beginning to move: More and more organizations are coming to the conclusion that their legacy systems are not designed to handle the challenges of modern-day cyberattacks. This shift in perception has only gained further momentum due to the transition to remote work. In fact, a 2020 study determined that cloud services are becoming increasingly vital in modern, digital services delivery within the U.S. infrastructure industry.
How does modernizing technology help secure the data that is most vulnerable to cyber crime?
One key way to recover data lost during a cyberattack is through modernized technology. Headlight’s visual-based inspection technology for infrastructure projects allows teams to capture, share, and act on data from the job-site in real time. This not only increases the accountability and effectiveness of construction projects—it can be instrumental in securing vulnerable data.
For example, the Texas Department of Transportation’s (TxDOT) system outage occurred just days before their monthly reconciliation process for contractor payments. They informed their CE&I partner, Aguirre & Fields, of the outage. Within two weeks, Aguirre & Fields was able to deliver a new fully functional business process and data output solution to the I30/SH360, and other project partners. This output report allowed TxDOT district partners to reconcile work items and pay estimates for contractor payments. Additionally, they were able to easily input the backlog of essential project data into SiteManager following the outage. This solution was made possible because Aguirre & Fields incorporates Headlight as a core part of their capabilities..