Critical infrastructure is a huge cybersecurity problems

The biggest problem in cybersecurity?

Following a wave of high-profile cyberattacks in recent years, cybersecurity budgets have swelled at many businesses. But the same can’t be said for many operators of the critical infrastructure that underpins all businesses (and all of society).

The disparity has been a topic of discussion lately in the cybersecurity community, including by Robert M. Lee, CEO and co-founder of Dragos, which secures industrial controls systems.

• Lee said in a tweet Saturday that while the largest companies today are asking, "How do we integrate our XDR?” there are thousands of water utilities asking, "How do we pay for a firewall?"
• Security professional Kevin Beaumont called the issue "the biggest unsolved problem in cybersecurity."
• Municipal water utilities are especially underfunded on cybersecurity, according to a recent report from POLITICO's Eric Geller.
• And when a choice must be made to buy chemicals for water treatment or invest in security, the utility is going to choose the chlorine every time, security consultant Jonathan Kilpatrick told Geller.

A frightening hack of a Florida water treatment plant in early 2021 underscored the risk: The attacker reportedly increased sodium hydroxide, aka lye, to 100X the normal level. (It was immediately caught by an operator.)

• Another wake-up call about critical infrastructure security came a few months later, with the ransomware attack on Colonial Pipeline a year ago that caused gas shortages across the southeastern U.S.

Boosting funding to critical infrastructure operators for cybersecurity will be key, of course. But that alone won't fix the issue.

• Utilities don't just need firewalls — they also need people. And there aren't nearly enough security professionals to go around.
• Software vendors can help, indirectly: To give security teams less to worry about, "vendors are going to have to ship secure by default solutions," Beaumont said in a tweet.

Businesses should also consider sharing their cybersecurity talent, some suggest.

• "I think that we've got to get really comfortable with that," Betsy Soehren-Jones, who formerly headed cybersecurity strategy for energy utility Exelon, told me.
• In light of the cyberthreats to critical infrastructure, she believes the question everyone in security should be asking is, "how do we share [talent] in a way where it's helpful, and it's quick?"

— Kyle Alspach (email | twitter)

A MESSAGE FROM LOGITECH

Hybrid work success looks different depending on who you ask. Your company is made up of a cast of players, each with a role critical to a competitive and thriving business, and with an eye on their North Star: employee happiness. How do you appease all those stakeholders?

Learn more

Can’t make chips without wafers

Politicians around the country have been talking about reviving U.S. chip manufacturing for a couple of years now. The chip giants themselves have trumpeted their contribution to the effort with factory expansion plans that are measured in the tens of billions of dollars. But it’s pretty hard to print a chip without a wafer, and the U.S. doesn’t make a lot of them anymore.

That’s why GlobalWafers’ announcement Monday about building a new wafer factory in Sherman, Texas, caught our attention. Taiwan-based GlobalWafers said the new $5 billion plant will produce 1.2 million wafers a month, and begin shipping products in 2025. The factory would be the first new wafer production facility built in the U.S. in 20 years, and would have enough capacity to cover all of the planned new fabrication facilities announced by the likes of TSMC, Intel and Samsung.

At the moment, 90% of the world’s 300mm wafers — the ones used for the most advanced chips — are made by five companies scattered around Japan, Taiwan, South Korea and Germany. And much like the rest of the chip industry, there is a shortage of silicon wafers that is costly and time-consuming to correct, according to the trade publication Semiconductor Engineering. Wafer supplies are expected to be tight through at least 2024.

— Max A. Cherney (email | twitter)

Around the enterprise

Former President Trump’s Truth Social network got off to a rocky start in part because it relied on two smaller, regional cloud providers after deciding not to use AWS for optical reasons, according to a Reuters investigation.

Hitachi launched a “sovereign cloud” computing service based on VMware that allows customers in Japan to know their data is being stored within the country.

A MESSAGE FROM LOGITECH

Rightsizing, where each meeting space is outfitted for a specific purpose, is top of mind for facilities pros. Reconfiguring rooms to support new hybrid work schedules enables personalization and a safe return to the office. Understanding how employees will use spaces as they come back will be critical for success.

Learn more