A report issued by a U.S. agency on Monday showed that the loss of a major cyberattack on major U.S. utilities or service providers may be equivalent to the loss caused by natural disasters such as hurricanes.
The report was compiled by experts from the Foundation for the Defense of Democracy (FDD) and the insurance group Intangic, and used a risk rating system developed by Intangic to estimate the impact of two destructive cyberattacks.
The survey results estimate that a managed service provider that provides IT services in various key areas for hundreds of customers may cause nearly US$80 billion in economic losses during a three-day network outage, which has exceeded the 650 million caused by Hurricane Sandy in 2012. Billion dollars in losses.
If you attack key utility companies such as regional power companies, the losses will be even greater. Intangic estimates that a violation that caused a five-day power outage will cost about 193.5 billion U.S. dollars, more than the 2005 Hurricane Katrina and the 2018 California wildfires.
The report stated: “Network vulnerabilities pose a systemic risk to the U.S. economy.”
The report was released after a cyber attack on key organizations.
In May, a cyber attack group launched a ransomware attack on the Colonial Pipeline, which provides 45% of the East Coast’s fuel supply, forcing the company to close the pipeline for nearly a week, resulting in a gasoline shortage. JBS USA, the largest beef supplier in the United States, was attacked by ransomware shortly afterwards, which also disrupted a critical food supply chain.
The FBI blamed both attacks on cybercriminal groups that may have come from Russia. Although the FBI assessed that these groups are not supported by the Kremlin, concerns about Russia’s harbouring cybercriminals are a topic of conversation between the two parties. President Biden and Russian President Vladimir Putin will inevitably mention it at their recent face-to-face summit in Switzerland.
During the outbreak in the United States and around the world, attacks on hospitals, healthcare systems, schools, and government agencies have also surged. These include the SolarWinds hacker, which allows Russian hackers to invade 9 US government agencies and 100 private sector groups within a year.
“Almost all sectors of the U.S. economy have suffered cyber attacks and ransomware attacks. The market itself has failed to convince the private sector of the need for a minimum level of cyber hygiene,” said Mark Montgomery, senior director of the FDD Center, on cyber and ransomware attacks. Said in a statement on technological innovation.
“This paper provides data for policymakers to show that government action is needed to solve this market failure problem,” he added.
The report calls on Congress to approve a nationwide violation notification law to force all companies that are subject to cyber attacks to report violations regardless of whether their customer data is affected.
Legislators are considering doing so. The Senate Intelligence Committee Chairman’s draft bill D-Va., Vice Chairman R-Fla. and Sen R-Maine include requirements for federal agencies, federal contractors, and owners and operators of critical infrastructure to report to cybersecurity and infrastructure within 24 hours. The Security Bureau reports cybersecurity incidents.
Rubio told Hill last week that when the Senate adjourned on July 4, the bill may be formally introduced in the following week.