Illustration: Axios Visuals
The Department of Homeland Security has identified 16 critical parts of our infrastructure that are at risk for a cyber attack — energy, financial services, transportation, water, and defense, to name a few.
But, but, but: Adam Meyers, vice president of Intelligence for cyber security company CrowdStrike, told Axios that the focus on critical infrastructure is misplaced; he argues there are smaller hacks occurring every day "that are laying the groundwork" for even bigger attacks in the future.
Why it matters: When it comes to cyber-security vulnerabilities, the U.S. has "unlimited risk, limited resources, and a thinking enemy," according to the Director of George Washington University's Center for Cyber and Homeland Security, Frank Cilluffo.
Recent attacks on everyday items:
- The Erie County Medical Center in Buffalo, New York, was the biggest U.S. hospital hack in 2017, per CBS News. The computer system of the level one trauma center was down for six weeks. The head of the cyber security firm that got the hospital back online told CBS this hints at other major concerns: "Imagine that physicians, clinical staff, nurses came in one day and...all of the data in the EMR [electronic medical records] was actually just wrong and you didn't know which data was wrong."
- 500,000 pacemakers were recalled in August by the FDA due to fears of cybersecurity vulnerabilities. While there were no reports of hacks, the FDA recognized the weak-spot in pacemakers that could allow hackers to "deliberately run the battery flat," or alter its pacing, the Guardian reports.
- The Equifax security breach earlier this year compromised the personal data of over 140 million people, exposing extremely sensitive information for everyday Americans.
- More than 30 schools in a Montana school district were targeted in a cyber hack in October, CNN reports. Hackers demanded money, or threatened to release private records on students and staff. The Department of Education warned parents and teachers that these extortion attempts have "included threats of violence, shaming, or bullying the children unless payment is received."
- North Korea, Russia, or China aren't as likely to go for a massive critical infrastructure attack just yet, because "the U.S. has articulated there will be significant consequences," according to Will Carter, deputy director at the Technology Policy Program for the Center for Strategic and International Studies. So instead, they're aiming to gather data on Americans with the goal of manipulating people into stealing intellectual property, spying for them, and furthering their "espionage goals."
One last thing: A Pew Research survey shows that awareness of cyber vulnerabilities has grown among Americans. 70% of Americans expect a major cyberattack on infrastructure in the next five years, and 62% believe the government can handle it.