WEBVTT

1
00:00:00.270 --> 00:00:01.200
<v Instructor>In this lesson,</v>

2
00:00:01.200 --> 00:00:02.280
we will learn about

3
00:00:02.280 --> 00:00:04.860
commercial and government challenges.

4
00:00:04.860 --> 00:00:06.930
Commercial and government challenges

5
00:00:06.930 --> 00:00:10.680
include securing sensitive operations and data

6
00:00:10.680 --> 00:00:12.780
in sectors like manufacturing,

7
00:00:12.780 --> 00:00:15.690
finance, and government or defense

8
00:00:15.690 --> 00:00:19.230
against sophisticated threats and vulnerabilities.

9
00:00:19.230 --> 00:00:20.580
In manufacturing,

10
00:00:20.580 --> 00:00:24.210
protecting industrial control systems or ICS

11
00:00:24.210 --> 00:00:27.600
and intellectual property from cyber attack helps

12
00:00:27.600 --> 00:00:30.270
to maintain operational continuity

13
00:00:30.270 --> 00:00:32.340
and competitive advantage.

14
00:00:32.340 --> 00:00:34.020
In the financial sector,

15
00:00:34.020 --> 00:00:38.490
challenges in securing transaction systems, customer data,

16
00:00:38.490 --> 00:00:41.010
and ensuring regulatory compliance

17
00:00:41.010 --> 00:00:44.490
protect against fraud and data breaches.

18
00:00:44.490 --> 00:00:47.040
In the government and defense sector,

19
00:00:47.040 --> 00:00:50.460
classified information, critical infrastructure,

20
00:00:50.460 --> 00:00:53.520
and military operations must be safe

21
00:00:53.520 --> 00:00:57.480
from state-sponsored cyber attack and espionage.

22
00:00:57.480 --> 00:01:01.110
Let's learn more about commercial and government challenges

23
00:01:01.110 --> 00:01:03.480
to the manufacturing, financial,

24
00:01:03.480 --> 00:01:06.330
and government defense sectors.

25
00:01:06.330 --> 00:01:09.300
First, we have the manufacturing sector.

26
00:01:09.300 --> 00:01:11.310
In the manufacturing sector,

27
00:01:11.310 --> 00:01:13.860
protecting industrial control systems

28
00:01:13.860 --> 00:01:16.140
or ICS is critical.

29
00:01:16.140 --> 00:01:19.320
Industrial control systems control machines,

30
00:01:19.320 --> 00:01:21.630
robotics, and other equipment

31
00:01:21.630 --> 00:01:24.390
that are central to the production process

32
00:01:24.390 --> 00:01:26.400
and an attack on these systems

33
00:01:26.400 --> 00:01:30.720
could disrupt the entire supply chain and halt operations.

34
00:01:30.720 --> 00:01:32.981
So manufacturers must ensure

35
00:01:32.981 --> 00:01:36.090
that both the operational technology

36
00:01:36.090 --> 00:01:39.300
and information technology that they use

37
00:01:39.300 --> 00:01:42.780
are secured to maintain business continuity.

38
00:01:42.780 --> 00:01:46.350
An example of an attack in the manufacturing sector

39
00:01:46.350 --> 00:01:50.190
is the 2019 attack on Norsk Hydro,

40
00:01:50.190 --> 00:01:52.440
a global aluminum producer.

41
00:01:52.440 --> 00:01:53.940
Norsk Hydro was hit

42
00:01:53.940 --> 00:01:55.980
by the LockerGoga ransomware,

43
00:01:55.980 --> 00:01:57.270
which forced the company

44
00:01:57.270 --> 00:02:00.960
to switch to manual operations at several plants.

45
00:02:00.960 --> 00:02:03.630
The ransomware encrypted critical files

46
00:02:03.630 --> 00:02:05.040
across their network,

47
00:02:05.040 --> 00:02:09.360
disrupting both administrative and production systems.

48
00:02:09.360 --> 00:02:12.600
So employees had to use handwritten notes

49
00:02:12.600 --> 00:02:14.400
to maintain operations,

50
00:02:14.400 --> 00:02:16.860
severely slowing down production.

51
00:02:16.860 --> 00:02:19.440
This disruption affected the company's

52
00:02:19.440 --> 00:02:21.690
entire production process,

53
00:02:21.690 --> 00:02:24.300
including aluminum rolling plants

54
00:02:24.300 --> 00:02:26.430
and extrusion operations,

55
00:02:26.430 --> 00:02:29.940
and it resulted in significant financial losses,

56
00:02:29.940 --> 00:02:32.553
estimated to be over $40 million.

57
00:02:33.390 --> 00:02:36.600
This attack demonstrates the vulnerabilities

58
00:02:36.600 --> 00:02:38.970
within manufacturing operations

59
00:02:38.970 --> 00:02:42.030
and the need to secure industrial systems

60
00:02:42.030 --> 00:02:44.130
against ransomware attack.

61
00:02:44.130 --> 00:02:48.420
Intellectual property is another concern for manufacturers.

62
00:02:48.420 --> 00:02:51.810
Intellectual property includes product designs,

63
00:02:51.810 --> 00:02:55.110
trade secrets, and proprietary processes.

64
00:02:55.110 --> 00:02:57.120
If stolen through an attack,

65
00:02:57.120 --> 00:02:59.190
this information can be sold

66
00:02:59.190 --> 00:03:03.690
to competitors, eroding a company's competitive advantage.

67
00:03:03.690 --> 00:03:06.780
So to safeguard intellectual property,

68
00:03:06.780 --> 00:03:09.870
manufacturers deploy strong encryption methods

69
00:03:09.870 --> 00:03:11.940
and access controls.

70
00:03:11.940 --> 00:03:14.790
For example, in 2014,

71
00:03:14.790 --> 00:03:19.620
the US Steel Corporation was targeted by cyber espionage,

72
00:03:19.620 --> 00:03:23.580
allegedly carried out by Chinese state-sponsored hackers,

73
00:03:23.580 --> 00:03:26.910
aiming to steal proprietary information.

74
00:03:26.910 --> 00:03:29.130
The hackers were accused of attempting

75
00:03:29.130 --> 00:03:30.930
to access trade secrets

76
00:03:30.930 --> 00:03:33.996
related to US Steel's production, innovations,

77
00:03:33.996 --> 00:03:36.480
and manufacturing techniques,

78
00:03:36.480 --> 00:03:39.120
potentially providing Chinese competitors

79
00:03:39.120 --> 00:03:40.740
with an unfair advantage

80
00:03:40.740 --> 00:03:42.840
in the global steel market.

81
00:03:42.840 --> 00:03:46.620
Finally, manufacturers also face the challenge

82
00:03:46.620 --> 00:03:50.130
of securing the growing number of connected devices

83
00:03:50.130 --> 00:03:52.650
and sensors in their factories.

84
00:03:52.650 --> 00:03:56.760
With the rise of the Internet of Things in manufacturing,

85
00:03:56.760 --> 00:03:59.250
the attack surface has increased,

86
00:03:59.250 --> 00:04:02.280
giving cyber criminals more entry points

87
00:04:02.280 --> 00:04:04.260
into a company's network.

88
00:04:04.260 --> 00:04:07.920
Securing IoT or Internet of Things devices

89
00:04:07.920 --> 00:04:10.650
with updated firmware and monitoring

90
00:04:10.650 --> 00:04:13.440
traffic patterns for unusual activity

91
00:04:13.440 --> 00:04:16.380
can mitigate some of these risks.

92
00:04:16.380 --> 00:04:19.140
Second, we have the financial sector.

93
00:04:19.140 --> 00:04:20.970
In the financial sector,

94
00:04:20.970 --> 00:04:24.390
securing transaction systems ensures trust

95
00:04:24.390 --> 00:04:26.760
and prevents financial loss.

96
00:04:26.760 --> 00:04:29.940
Financial institutions process millions

97
00:04:29.940 --> 00:04:31.590
of transactions daily,

98
00:04:31.590 --> 00:04:33.390
and a breach in their systems

99
00:04:33.390 --> 00:04:36.510
could have devastating consequences.

100
00:04:36.510 --> 00:04:40.200
Cyber criminals often target financial systems

101
00:04:40.200 --> 00:04:43.830
to steal funds or hold systems for ransom.

102
00:04:43.830 --> 00:04:47.610
A notable example of a financial sector attack

103
00:04:47.610 --> 00:04:49.890
is the 2016 attack

104
00:04:49.890 --> 00:04:52.380
on the Bangladesh central bank.

105
00:04:52.380 --> 00:04:53.430
In this attack,

106
00:04:53.430 --> 00:04:57.450
hackers exploited weaknesses in the SWIFT payment system

107
00:04:57.450 --> 00:05:00.810
and attempted to steal nearly $1 billion.

108
00:05:00.810 --> 00:05:02.190
The attackers, believed

109
00:05:02.190 --> 00:05:04.500
to be the North Korean Lazarus Group,

110
00:05:04.500 --> 00:05:06.690
used sophisticated techniques

111
00:05:06.690 --> 00:05:08.820
to infiltrate the bank's network

112
00:05:08.820 --> 00:05:11.820
and issue fraudulent transfer requests.

113
00:05:11.820 --> 00:05:14.317
They initially succeeded in transferring

114
00:05:14.317 --> 00:05:18.270
$81 million to accounts in the Philippines

115
00:05:18.270 --> 00:05:21.600
before a typo in one of the transfer orders

116
00:05:21.600 --> 00:05:25.560
raised suspicion and resulted in uncovering the theft.

117
00:05:25.560 --> 00:05:27.960
While most of the money was recovered,

118
00:05:27.960 --> 00:05:31.200
the attack exposed significant vulnerabilities

119
00:05:31.200 --> 00:05:33.480
in inter-bank payment systems,

120
00:05:33.480 --> 00:05:35.970
including poor security protocols

121
00:05:35.970 --> 00:05:40.200
and insufficient monitoring of suspicious transactions.

122
00:05:40.200 --> 00:05:43.230
Customer data, including personal information,

123
00:05:43.230 --> 00:05:44.550
credit card numbers,

124
00:05:44.550 --> 00:05:48.600
and banking details, are prime targets for cyber criminals,

125
00:05:48.600 --> 00:05:52.020
making it essential for financial institutions

126
00:05:52.020 --> 00:05:55.500
to comply with strict data protection regulations

127
00:05:55.500 --> 00:05:57.360
to prevent breaches.

128
00:05:57.360 --> 00:06:01.350
For example, institutions must adhere to regulations

129
00:06:01.350 --> 00:06:04.980
like the General Data Protection Regulation in Europe

130
00:06:04.980 --> 00:06:08.490
and the Payment Card Industry Data Security Standard,

131
00:06:08.490 --> 00:06:11.520
which ensures appropriate measures are taken

132
00:06:11.520 --> 00:06:14.880
to protect customer data and prevent fraud.

133
00:06:14.880 --> 00:06:18.330
Failure to comply can lead to hefty fines

134
00:06:18.330 --> 00:06:20.400
and damage to reputation.

135
00:06:20.400 --> 00:06:22.800
Given the financial sector's reliance

136
00:06:22.800 --> 00:06:25.920
on digital infrastructure and customer trust,

137
00:06:25.920 --> 00:06:28.800
it remains a major target for attack,

138
00:06:28.800 --> 00:06:32.640
emphasizing the need for strong security measures.

139
00:06:32.640 --> 00:06:34.200
Third and last,

140
00:06:34.200 --> 00:06:37.200
we have the government or defense sector.

141
00:06:37.200 --> 00:06:39.450
In the government and defense sector,

142
00:06:39.450 --> 00:06:43.410
securing classified information is a top priority.

143
00:06:43.410 --> 00:06:45.930
State-sponsored attacks often aim

144
00:06:45.930 --> 00:06:49.230
to steal or manipulate sensitive government data,

145
00:06:49.230 --> 00:06:50.280
which could be used

146
00:06:50.280 --> 00:06:52.860
to gain a strategic advantage.

147
00:06:52.860 --> 00:06:55.140
A well-known example of an attack

148
00:06:55.140 --> 00:06:57.720
in the government or defense sector

149
00:06:57.720 --> 00:07:01.260
is the 2020 SolarWinds cyber attack

150
00:07:01.260 --> 00:07:05.400
where hackers infiltrated several US government agencies.

151
00:07:05.400 --> 00:07:06.480
In this attack,

152
00:07:06.480 --> 00:07:10.710
the hackers inserted malicious code into software updates

153
00:07:10.710 --> 00:07:13.350
for the SolarWinds Orion platform,

154
00:07:13.350 --> 00:07:16.320
which is widely used for network management.

155
00:07:16.320 --> 00:07:19.050
This allowed the attackers to gain access

156
00:07:19.050 --> 00:07:23.400
to sensitive systems without detection for several months.

157
00:07:23.400 --> 00:07:27.300
Overall, the breach affected multiple federal agencies,

158
00:07:27.300 --> 00:07:30.540
including the Departments of Homeland Security,

159
00:07:30.540 --> 00:07:32.220
Energy, and Treasury,

160
00:07:32.220 --> 00:07:35.520
potentially exposing national security secrets

161
00:07:35.520 --> 00:07:38.280
and critical infrastructure information.

162
00:07:38.280 --> 00:07:41.130
This attack highlights the vulnerabilities

163
00:07:41.130 --> 00:07:44.520
in the government and defense software supply chain,

164
00:07:44.520 --> 00:07:46.119
and underscores the need

165
00:07:46.119 --> 00:07:48.660
for stronger security protocols

166
00:07:48.660 --> 00:07:51.120
in managing third-party software.

167
00:07:51.120 --> 00:07:54.060
Next, government and defense communications

168
00:07:54.060 --> 00:07:57.060
are a critical asset that must be protected.

169
00:07:57.060 --> 00:07:59.433
Military operations rely heavily

170
00:07:59.433 --> 00:08:03.840
on secure communication networks and command systems.

171
00:08:03.840 --> 00:08:06.630
A cyber attack disrupting these systems

172
00:08:06.630 --> 00:08:08.970
could manipulate battlefield data

173
00:08:08.970 --> 00:08:11.400
or disable critical infrastructure,

174
00:08:11.400 --> 00:08:14.730
putting missions and service members at risk.

175
00:08:14.730 --> 00:08:18.540
Governments must invest in cybersecurity strategies

176
00:08:18.540 --> 00:08:21.510
to safeguard their military assets.

177
00:08:21.510 --> 00:08:25.050
In 2008, the US military was targeted

178
00:08:25.050 --> 00:08:29.340
by a malware known as Agent.btz,

179
00:08:29.340 --> 00:08:33.600
which infiltrated systems through infected USB drives.

180
00:08:33.600 --> 00:08:37.620
The malware created a backdoor into military networks,

181
00:08:37.620 --> 00:08:41.730
allowing unauthorized access to sensitive information.

182
00:08:41.730 --> 00:08:43.740
The US Department of Defense

183
00:08:43.740 --> 00:08:46.560
spent significant time and resources

184
00:08:46.560 --> 00:08:48.540
eradicating this malware,

185
00:08:48.540 --> 00:08:49.980
which led to the ban

186
00:08:49.980 --> 00:08:54.690
on the use of USB drives across military networks.

187
00:08:54.690 --> 00:08:59.370
This attack emphasized the growing threat of cyber espionage

188
00:08:59.370 --> 00:09:02.010
and was a catalyst for the creation

189
00:09:02.010 --> 00:09:04.980
of the US Cyber Command in 2010,

190
00:09:04.980 --> 00:09:07.920
tasked with defending military networks

191
00:09:07.920 --> 00:09:10.710
and enhancing cyber capabilities.

192
00:09:10.710 --> 00:09:14.730
So remember, securing sensitive operations

193
00:09:14.730 --> 00:09:16.620
and data is a challenge

194
00:09:16.620 --> 00:09:19.590
for both commercial and government sectors,

195
00:09:19.590 --> 00:09:23.700
especially in industries like manufacturing, finance,

196
00:09:23.700 --> 00:09:25.890
and government or defense.

197
00:09:25.890 --> 00:09:27.270
In manufacturing,

198
00:09:27.270 --> 00:09:30.870
protecting systems that control production processes

199
00:09:30.870 --> 00:09:33.420
and safeguarding intellectual property

200
00:09:33.420 --> 00:09:36.840
are essential to maintaining business continuity

201
00:09:36.840 --> 00:09:38.670
and staying competitive.

202
00:09:38.670 --> 00:09:41.510
Next, financial institutions must focus

203
00:09:41.510 --> 00:09:45.690
on securing transaction systems and customer data

204
00:09:45.690 --> 00:09:48.390
while complying with strict regulations

205
00:09:48.390 --> 00:09:51.300
to prevent fraud and breaches.

206
00:09:51.300 --> 00:09:55.170
Finally, government and defense sectors face the threat

207
00:09:55.170 --> 00:09:58.530
of state-sponsored cyber attack aimed at stealing

208
00:09:58.530 --> 00:10:01.560
or manipulating classified information

209
00:10:01.560 --> 00:10:04.230
and disrupting critical infrastructure.

210
00:10:04.230 --> 00:10:05.940
Across all sectors,

211
00:10:05.940 --> 00:10:09.120
strong cyber security strategies protect

212
00:10:09.120 --> 00:10:12.363
against growing and sophisticated threats.

