Darktrace's David Masson on What Attacks on Critical Infrastructure Look Like

For years government regulators and security experts have been sounding the alarm about attacks that could cripple critical infrastructure — the assets and systems that support the functioning of a modern society and economy — but it took the attack against Colonial Pipeline for people to really pay attention, says David Masson, director of enterprise security with Darktrace.

That ransomware attack showed people firsthand how a cyber threat actually stopped gas from coming out of the pump, says Masson in this Tech Talk conversation with Dark Reading's Terry Sweeney. It doesn't even matter that the attackers behind Colonial Pipeline likely did not intend that outcome.

Since then, several other critical infrastructure organizations have been hit by ransomware and other attacks. There is also a worrisome trend toward more destructive attacks, Masson said. As an example, he points to the Russians trying to take down the telecommunications network in Ukraine to disrupt communications within the country. When their attempts failed, the Russians shot missiles directly at the cell towers and destroyed them, Masson notes.

About 85% of critical national infrastructure is under private control in North America, Masson says, which makes regulating critical infrastructure a bit of a challenge. The shift to public-private partnership, where infrastructure operators share threat information and intelligence with government agencies, is essential to understand the scale of the threat, he says.

President Dwight D. Eisenhower famously said that plans are worthless, but planning is indispensable. That mindset should drive security preparations: Deploy technology that gives visibility into the network, train people to recognize attacks, and maintain good backups so you can rebuild the infrastructure when needed.

"Start practicing and get ready so you don't end up being a rabbit stuck in the headlights," Masson says.