The recent reports of Iranian threat actors targeting the Municipal Water Authority of Aliquippa in Pennsylvania and engaging in similar attacks underscore crucial concerns regarding the safeguarding of critical infrastructure in the United States.
According to SC Media, the local taxes we pay are often sufficient to subsidize our local infrastructure, pay the salaries of our municipal staff and law enforcement. They are designed to deliver enough money to operate a relatively modern computing environment for the municipal services and utilities. Over the years, those budgets have also evolved to include some basic cybersecurity capability. Yet, they are not prepared to defend our municipal services from a sophisticated, well-resourced, and organized nation-state attacker.
In the event that a foreign nation were to land on U.S. shores and march into our local towns and begin dismantling or disrupting the local municipal utilities, the U.S. federal government would spring into action. Yet the digital equivalent of this happens every single day in America, and we have no real plan. Small cities in the Midwest cannot defend themselves against an Iranian cyber offensive. Nor should we expect them to have that capability.
We see this issue playing out not just with utilities, but with cyberattacks on small businesses and organized cyber scams against our citizens. The troubling part of all this: tax-paying victims have no one to depend on in a crisis. The FBI is too busy with larger issues, and local law enforcement does not have the training or resources to investigate or protect victims of digital crime. Meanwhile, billions of dollars are being siphoned away nationwide.
This begs the question: Where is our federal government?
Consider how we manage our infrastructure. Each utility, managed in a vacuum, with barely enough resources to keep up with the changing technical landscape and vital to the sustainment of our daily lives, comes under incessant attack from foreign adversaries that intend to do us harm.