Who is to blame if your facilities are attacked via network connections? Spring 2017 a global ransomware attack, WannaCry Ransomware, got lot of attention hitting companies, organizations and individual persons. Estimations of its impact were varying but numbers revealed claim that it infected more than 230,000+ computers in 150 countries. A shocking part of the attack was that one of the largest agencies struck by the attack was the National Health Service hospitals in England and Scotland.
In CS-AWARE (A cybersecurity situational awareness and information sharing solution for local public administrations based on advanced big data analysis) research project, we aim at proposing a doable solution. With this project we want to raise the flag and urge municipalities and other responsible actors to be aware and incorporate patches for the security configurations.
Ransomware is a typically a malicious software threatening to publish the victim’s data or perpetually blocking access to it unless a ransom is paid. WannaCry targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
The moral of this incident was that it could have been easily avoided. The ransomware used a known Windows vulnerability for which Microsoft had issued earlier a patch with a Critical Security Bulletin. This showed us once more how essential it is to have a pro-active and regular Vulnerability and Patch Management process.
Governments all over the world have realized the seriousness of these incidents and consequences if even the simplest upfront anticipation has not taken care of. Earlier this year the UK government took action that will impose fines as much as GBP 17 million on companies that support the critical infrastructure if they fila to employ adequate security. This includes to report an incident or fail to comply with regulators’ instructions. In Australia, the government passed the Security of Critical Infrastructure Bill. This gives to the government the authority to direct companies that operate the country’s critical infrastructure sectors (i.e. gas, water, electricity, ports and others).
CS-AWARE is an EU-funded research project, coordinated by the University of Oulu. We propose a situational awareness solution that is meant for small- to medium-sized IT infrastructures of local public administrations (LPAs) in both technological realisation and business/market strategy. Advanced features like cybersecurity related information sharing, cyber-incident detection or self-healing capabilities can be provided based on situational awareness. Based on these recent incidents the value of this work is crowing.
Juha Röning
Professor and director of Biomimetics and Intelligent Systems (BISG) research group
Coordinator of CS-AWARE
PS. Just end of March, it was reported WannaCry surfacing again. At a Boeing aircraft manufacturing facility in South Carolina it infected a number of computers. A nice bow towards the Boeing company since they manage to shut the incident quickly.