Employment Practices
Risk Management Association

print   email   Share

Taking Operations Offline: Not Without Risk, But Effective

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) stated that Russia orchestrated a cyber intrusion of the business network of a nuclear power plant in Kansas. Russia targeted a number of electric, water, and power plants in the U.S., including the Kansas nuclear power plant. The Wolf Creek Nuclear Operating Corp. in Burlington, Kansas provides power to approximately 800,000 homes.

Cybersecurity experts see these attacks as a sign that Russia is seeking to be able to disrupt critical facilities in the U.S. The article stated that Russia is capable of sabotaging and shutting down American power plants.

A Wolf Creek spokesperson stated that "safety and control systems for the reactor and other vital plant components" are not connected to the network or the internet and therefore were never at risk in the attack. The analog system cannot be hacked remotely.

According to a spokesperson for the Nuclear Energy Institute, all power plants operate on isolated networks that are not connected to the internet. Max Londberg "Russia infiltrated Kansas nuclear plant's business network, FBI and DHS say" kansascity.com (Mar. 16, 2018).

Commentary

 

Taking data offline is one of the best means for preserving it.

Cybercriminals can physically hack networks not connected to the internet. However, doing so is far more difficult, costly, and time-intensive than hacking something remotely through the internet connection.

It is important to always back up essential data to a storage device that is not connected to the network or the internet. If a criminal infects your system with ransomware, this backup is essential to continuing operations.

Particularly sensitive databases should also be stored offline and networks for critical services kept off the internet, if possible. If your operations allow employees to access private information or perform critical tasks from a computer in the workplace that is not internet connected, do so.

Of course, with employees working remotely and the need to share information with multiple devices, keeping information and operations offline is often not an option. In that case, you must protect your network and accounts as completely as possible. 

Secure all internet connections, networks, and devices with strong, unique passwords. Install the latest in cybersecurity software and other protections. Only give access to employees who need it. Require employees to use a secure, encrypted connection when accessing the network remotely.

Finally, your opinion is important to us. Please complete the opinion survey:
Enter Passcode to Register

State Employment Laws March To A Different Drum When It Comes To Damages

Employers must be vigilant in adhering to state and local laws, in addition to federal ones. Leslie Zieren examines the issue. Read More

Password Managers Offer Added Cyber Protection Against Phishing Scams

Password managers not only store your passwords; they also can help protect you from phishing scams. Learn more. Read More

Gender Identity Discrimination Risks: How Managers Should Respond

Mitigating the risk of gender identity discrimination comes down to an issue of workplace respect. Leslie Zieren examines the issue. Read More

FBI NEWS

FBI

Fingerprint Technology Helps Solve Cold Case

Advancements in fingerprint technology helped the FBI and state law enforcement partners find and bring to justice a man who kidnapped and sexually assaulted a young girl in Pennsylvania two decades ago.

Safe Online Surfing Challenge Opens

The FBI's Safe Online Surfing (SOS) Internet Challenge, which had record participation in 2018-2019, is reopening for the start of the new school year to help students navigate the web securely.

Operation Independence Day

A monthlong FBI-led operation to identify and arrest sex traffickers and recover child victims has resulted in dozens of arrests across the country and the identification and recovery of more than 100 juveniles.