WEBVTT

1
00:00:00.090 --> 00:00:02.580
In this lesson, we will learn about

2
00:00:02.580 --> 00:00:04.980
Critical Services Challenges.

3
00:00:04.980 --> 00:00:09.480
Critical Services Challenges in specialized system security

4
00:00:09.480 --> 00:00:13.140
involve protecting critical infrastructure sectors

5
00:00:13.140 --> 00:00:17.010
such as utilities, transportation, and healthcare

6
00:00:17.010 --> 00:00:19.170
from disruptions and threats

7
00:00:19.170 --> 00:00:22.710
that could have significant societal impacts.

8
00:00:22.710 --> 00:00:26.310
In the utilities sector, security challenges include

9
00:00:26.310 --> 00:00:29.190
safeguarding power grids and water systems

10
00:00:29.190 --> 00:00:31.380
from cyber attacks that could cause

11
00:00:31.380 --> 00:00:34.740
widespread outages or contamination.

12
00:00:34.740 --> 00:00:39.030
In transportation, securing systems like rail networks,

13
00:00:39.030 --> 00:00:41.820
air traffic control, and public transit

14
00:00:41.820 --> 00:00:44.640
against cyber threats prevents accidents

15
00:00:44.640 --> 00:00:47.430
and ensures the safety of passengers.

16
00:00:47.430 --> 00:00:50.730
In healthcare, the security of medical devices,

17
00:00:50.730 --> 00:00:54.450
patient data, and hospital networks is a paramount

18
00:00:54.450 --> 00:00:56.400
to protect patient privacy

19
00:00:56.400 --> 00:00:59.730
and ensure uninterrupted delivery of care.

20
00:00:59.730 --> 00:01:03.810
Let's learn more about industry specific challenges such as

21
00:01:03.810 --> 00:01:07.140
utilities, transportation, and healthcare.

22
00:01:07.140 --> 00:01:09.330
First, we have utilities.

23
00:01:09.330 --> 00:01:13.830
In the utilities sector, security challenges revolve around

24
00:01:13.830 --> 00:01:17.910
protecting essential information such as power grids,

25
00:01:17.910 --> 00:01:22.320
water systems, and gas pipelines from cyber attack.

26
00:01:22.320 --> 00:01:25.800
Utility systems are essential to daily life,

27
00:01:25.800 --> 00:01:29.250
and any disruption can have serious consequences,

28
00:01:29.250 --> 00:01:31.620
including widespread outages

29
00:01:31.620 --> 00:01:34.590
or the contamination of drinking water.

30
00:01:34.590 --> 00:01:38.640
Utilities often rely on industrial control systems

31
00:01:38.640 --> 00:01:41.040
that monitor and manage services

32
00:01:41.040 --> 00:01:44.640
such as electricity, water, and gas.

33
00:01:44.640 --> 00:01:46.770
If these systems are compromised,

34
00:01:46.770 --> 00:01:50.640
attackers can manipulate the flow of electricity, water,

35
00:01:50.640 --> 00:01:55.560
or gas, causing severe damage and disruption to services.

36
00:01:55.560 --> 00:01:59.280
An example of an attack in the utilities sector

37
00:01:59.280 --> 00:02:04.280
is the 2015 Ukrainian power grid cyber attack.

38
00:02:04.320 --> 00:02:07.230
In this attack, hackers remotely hijacked

39
00:02:07.230 --> 00:02:11.430
operator workstations to manually shut down substations

40
00:02:11.430 --> 00:02:15.870
cutting power to approximately 230,000 people.

41
00:02:15.870 --> 00:02:17.910
In addition to cutting power,

42
00:02:17.910 --> 00:02:21.720
the attackers also launched a denial of service attack

43
00:02:21.720 --> 00:02:25.320
on the call centers of the affected power companies,

44
00:02:25.320 --> 00:02:28.680
preventing customers from reporting the outages

45
00:02:28.680 --> 00:02:31.830
and further complicating recovery efforts.

46
00:02:31.830 --> 00:02:35.100
This sophisticated, multi-layered attack

47
00:02:35.100 --> 00:02:37.320
highlighted the potential for attackers

48
00:02:37.320 --> 00:02:40.620
to disrupt utilities on a large scale.

49
00:02:40.620 --> 00:02:42.600
In response to such threats,

50
00:02:42.600 --> 00:02:46.440
utilities must implement strong security measures.

51
00:02:46.440 --> 00:02:49.680
This includes using firewalls, encryption,

52
00:02:49.680 --> 00:02:51.750
and regular software updates

53
00:02:51.750 --> 00:02:54.450
to protect industrial control systems

54
00:02:54.450 --> 00:02:56.280
from being compromised.

55
00:02:56.280 --> 00:03:00.870
Utility organizations must also conduct regular security

56
00:03:00.870 --> 00:03:04.920
audits and employee training to ensure they are prepared

57
00:03:04.920 --> 00:03:07.830
to respond quickly to any attack.

58
00:03:07.830 --> 00:03:10.260
Second, we have transportation.

59
00:03:10.260 --> 00:03:14.100
The transportation sector faces significant security

60
00:03:14.100 --> 00:03:17.370
challenges in protecting its critical infrastructure

61
00:03:17.370 --> 00:03:19.050
from cyber attack.

62
00:03:19.050 --> 00:03:22.050
Rail networks, air traffic control systems,

63
00:03:22.050 --> 00:03:24.900
and public transit are increasingly reliant

64
00:03:24.900 --> 00:03:28.710
on digital systems for monitoring and communication.

65
00:03:28.710 --> 00:03:32.220
If these systems are disrupted, it can cause delays,

66
00:03:32.220 --> 00:03:34.770
accidents, and put lives at risk.

67
00:03:34.770 --> 00:03:37.950
Security and transportation maintains safe

68
00:03:37.950 --> 00:03:40.140
and efficient operations.

69
00:03:40.140 --> 00:03:44.310
A notable example of an attack in the transportation sector

70
00:03:44.310 --> 00:03:49.290
occurred in 2017 when a ransomware attack called Notpetya

71
00:03:49.290 --> 00:03:51.870
affected the shipping company Maersk.

72
00:03:51.870 --> 00:03:55.950
The Notpetya ransomware shut down Maersk's computer systems

73
00:03:55.950 --> 00:03:59.700
crippling its global operations for nearly 10 days,

74
00:03:59.700 --> 00:04:04.050
and impacting 76 of the company's ports worldwide.

75
00:04:04.050 --> 00:04:08.040
This attack led to significant delays in global shipping

76
00:04:08.040 --> 00:04:13.040
and cost the company an estimated $300 million in losses.

77
00:04:13.140 --> 00:04:16.020
The Notpetya ransomware spread rapidly

78
00:04:16.020 --> 00:04:19.350
through Maersk's networks by exploiting a vulnerability

79
00:04:19.350 --> 00:04:21.480
in an unpatched window system,

80
00:04:21.480 --> 00:04:24.360
highlighting the importance of timely patching

81
00:04:24.360 --> 00:04:26.370
and network segmentation.

82
00:04:26.370 --> 00:04:30.900
Because Maersk handled approximately 15 to 18%

83
00:04:30.900 --> 00:04:32.820
of the world's container shipping,

84
00:04:32.820 --> 00:04:36.630
the disruption severely impacted global supply chains,

85
00:04:36.630 --> 00:04:39.030
delaying goods across industries,

86
00:04:39.030 --> 00:04:41.850
and affecting economies around the world.

87
00:04:41.850 --> 00:04:45.300
This attack demonstrates how a single vulnerability

88
00:04:45.300 --> 00:04:49.380
in transportation infrastructure can have a global impact.

89
00:04:49.380 --> 00:04:51.180
To prevent such incidents,

90
00:04:51.180 --> 00:04:54.690
companies in the transportation sector should invest in

91
00:04:54.690 --> 00:04:58.680
security technologies such as network segmentation,

92
00:04:58.680 --> 00:05:00.510
intrusion detection systems,

93
00:05:00.510 --> 00:05:03.810
and strong access controls, ensuring the safety

94
00:05:03.810 --> 00:05:08.190
of passengers and the smooth operation of global logistics.

95
00:05:08.190 --> 00:05:10.950
Third and last, we have healthcare.

96
00:05:10.950 --> 00:05:14.790
Healthcare systems face unique security challenges due

97
00:05:14.790 --> 00:05:17.670
to the sensitive nature of patient data

98
00:05:17.670 --> 00:05:20.970
and the critical importance of medical devices

99
00:05:20.970 --> 00:05:22.830
and hospital networks.

100
00:05:22.830 --> 00:05:26.730
Cyber attacks targeting healthcare can lead to the theft

101
00:05:26.730 --> 00:05:28.710
of personal health information,

102
00:05:28.710 --> 00:05:31.050
or worse, disrupt the delivery

103
00:05:31.050 --> 00:05:33.630
of life-saving medical services.

104
00:05:33.630 --> 00:05:36.690
Hospitals rely on interconnected systems

105
00:05:36.690 --> 00:05:39.330
to manage everything from patient records

106
00:05:39.330 --> 00:05:43.740
to medical equipment, making them vulnerable to attacks.

107
00:05:43.740 --> 00:05:47.220
An example of an attack in the healthcare sector

108
00:05:47.220 --> 00:05:51.180
is the WannaCry ransomware attack of 2017.

109
00:05:51.180 --> 00:05:54.450
The attack affected healthcare systems worldwide,

110
00:05:54.450 --> 00:05:57.840
including the United Kingdom's National Health Service

111
00:05:57.840 --> 00:05:58.887
or NHS.

112
00:05:58.887 --> 00:06:02.850
The ransomware exploited a vulnerability in unpatched

113
00:06:02.850 --> 00:06:07.230
Windows systems infecting over 230,000 computers

114
00:06:07.230 --> 00:06:10.800
in 150 countries within a few days.

115
00:06:10.800 --> 00:06:15.720
In the UK at least 81 National Health Service trusts were

116
00:06:15.720 --> 00:06:18.030
impacted, causing the cancellation

117
00:06:18.030 --> 00:06:22.830
of approximately 19,000 medical appointments and procedures.

118
00:06:22.830 --> 00:06:25.830
Additionally, hospital networks were locked out

119
00:06:25.830 --> 00:06:28.590
of critical systems, forcing medical staff

120
00:06:28.590 --> 00:06:32.970
to cancel surgeries and divert patients to other hospitals.

121
00:06:32.970 --> 00:06:36.540
This attack demonstrated the dire consequences

122
00:06:36.540 --> 00:06:39.090
of a cyber attack in healthcare

123
00:06:39.090 --> 00:06:42.360
where delays in treatment can cost lives.

124
00:06:42.360 --> 00:06:45.660
To protect against such attacks, healthcare providers

125
00:06:45.660 --> 00:06:47.550
must prioritize security

126
00:06:47.550 --> 00:06:51.360
by securing medical devices, encrypting patient data,

127
00:06:51.360 --> 00:06:54.540
and implementing multi-factor authentication

128
00:06:54.540 --> 00:06:57.300
for staff access to sensitive systems.

129
00:06:57.300 --> 00:07:00.360
Regular updates and vulnerability patching

130
00:07:00.360 --> 00:07:04.140
are also essential to prevent criminals from exploiting

131
00:07:04.140 --> 00:07:06.900
weaknesses in hospital networks.

132
00:07:06.900 --> 00:07:11.900
So remember, critical services face major cybersecurity

133
00:07:11.970 --> 00:07:15.480
challenges, particularly in sectors like utilities,

134
00:07:15.480 --> 00:07:17.880
transportation and healthcare.

135
00:07:17.880 --> 00:07:20.400
In utilities, protecting power grids

136
00:07:20.400 --> 00:07:24.720
and water systems from attack prevents widespread outages

137
00:07:24.720 --> 00:07:27.750
or contamination of the water supply.

138
00:07:27.750 --> 00:07:31.740
Next, transportation systems, including rail networks

139
00:07:31.740 --> 00:07:35.820
and air traffic control rely on digital infrastructure

140
00:07:35.820 --> 00:07:38.730
that must be secured to avoid accidents

141
00:07:38.730 --> 00:07:41.490
and disruptions to passenger safety.

142
00:07:41.490 --> 00:07:44.670
And finally, healthcare is highly vulnerable

143
00:07:44.670 --> 00:07:46.860
where attacks on hospital networks

144
00:07:46.860 --> 00:07:50.550
and medical devices can compromise patient care

145
00:07:50.550 --> 00:07:52.380
and sensitive data.

146
00:07:52.380 --> 00:07:57.300
So effective security across these sectors ensures safe

147
00:07:57.300 --> 00:08:00.123
and uninterrupted public service.