Latest news with #criticalinfrastructure
Yahoo
8 hours ago
- Business
- Yahoo
Anterix Gains Traction as Digi International Launches New Router Supporting 900 MHz Private LTE Spectrum
Anterix Inc. (NASDAQ:ATEX) is one of the best telecom stocks to buy according to Wall Street analysts. On June 23, Digi International Inc. (NASDAQ:DGII) announced the market launch of the Digi IX30-0EG4. The edge computing industrial IoT cellular router solution has achieved the 'Anterix Active' designation, which signifies its full support for Anterix's nationwide 900 MHz private LTE spectrum. The Digi IX30-0EG4 is engineered for hazardous and mission-critical applications within both public and private LTE networks. It is tailored for energy and utilities applications. The router is C1D2 and NEMA TS2-rated, which ensures secure and reliable connectivity for industrial assets even in challenging environments. A technician working on an aerial view of a critical infrastructure, emphasizing the importance of the company's utility services. Anterix is the largest holder of licensed spectrum in the 900 MHz band across the contiguous US, as well as Alaska, Hawaii, and Puerto Rico. The low-band spectrum is particularly well-suited for wide-area coverage, deep penetration through obstacles, and consistent performance over vast and difficult terrains. The Digi IX30-0EG4 is fully integrated with Digi Remote Manager (Digi RM) and powered by Digi Accelerated Linux (DAL OS). Anterix Inc. (NASDAQ:ATEX) is a wireless communications company that commercializes its spectrum assets for targeted utility and critical infrastructure customers to deploy private broadband networks and broadband solutions. Digi International Inc. (NASDAQ:DGII) provides business and mission-critical IoT connectivity products, services, and solutions. While we acknowledge the potential of ATEX as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the . READ NEXT: and . Disclosure: None. This article is originally published at Insider Monkey. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
The Verge
18 hours ago
- The Verge
How vulnerable is critical infrastructure to cyberattack in the US?
Our water, health, and energy systems are increasingly vulnerable to cyberattack. Now, when tensions escalate — like when the US bombed nuclear facilities in Iran this month — the safety of these systems becomes of paramount concern. If conflict erupts, we can expect it to be a 'hybrid' battle, Joshua Corman, executive in residence for public safety & resilience at the Institute for Security and Technology (IST), tells The Verge. 'With great connectivity comes great responsibility.' Battlefields now extend into the digital world, which in turn makes critical infrastructure in the real world a target. I first reached out to IST for their expertise on this issue back in 2021, when a ransomware attack forced the Colonial Pipeline — a major artery transporting nearly half of the east coast's fuel supply — offline for nearly a week. Since then, The Verge has also covered an uptick in cyberattacks against community water systems in the US, and America's attempts to thwart assaults supported by other governments. It's not time to panic, Corman reassures me. But it is important to reevaluate how we safeguard hospitals, water supplies, and other lifelines from cyberattack. There happen to be analog solutions that rely more on physical engineering than putting up cyber firewalls. This interview has been edited for length and clarity. As someone who works on cybersecurity for water and wastewater, healthcare, food supply chains, and power systems — what keeps you up at night? Oh, boy. When you look across what we designate as lifeline critical functions, the basic human needs — water, shelter, safety — those are among some of our most exposed and underprepared. With great connectivity comes great responsibility. And while we're struggling to protect credit card cards or websites or data, we continue to add software and connectivity to lifeline infrastructure like water and power and hospitals. We were always prey. We were just kind of surviving at the appetite of our predators, and they're getting more aggressive. How vulnerable are these systems in the US? You might have seen the uptick in ransomware starting in 2016. Hospitals very quickly became the number one preferred target of ransomware because they're what I call 'target rich, but cyber poor.' The unavailability of their service is pretty dire, so the unavailability can be monetized very easily. You have this kind of asymmetry and unmitigated feeding-frenzy, where it's attractive and easy to attack these lifeline functions. But it's incredibly difficult to get staff, resources, training, budget, to defend these lifeline functions. If you're a small, rural water facility, you don't have any cybersecurity budget. We often usher platitudes of 'just do best practices, just do the NIST framework.' But they can't even stop using end of life, unsupported technology with hard-coded passwords. 'You have this kind of asymmetry and unmitigated feeding-frenzy' It's about 85 percent of the owners and operators of these lifeline critical infrastructure entities that are target rich and cyber poor. Take water systems, for example. Volt Typhoon has been found successfully compromising US water facilities and other lifeline service functions, and it's sitting there in wait, prepositioning. [Editor's note: Volt Typhoon is a People's Republic of China state-sponsored cyber group] China specifically has intentions toward Taiwan as early as 2027. They basically would like the US to stay out of their intentions toward Taiwan. And if we don't, they're willing to disrupt and destroy parts of these very exposed, very prone facilities. The overwhelming majority don't have a single cybersecurity person, haven't heard of Volt Typhoon, let alone know if and how they should defend themselves. Nor do they have the budget to do so. Turning to recent news and the escalation with Iran, is there anything that is more vulnerable at this moment? Are there any unique risks that Iran poses to the US? Whether it's Russia or Iran or China, all of them have shown they are willing and able to reach out to water facilities, power grids, hospitals, etc. I am most concerned about water. No water means no hospital in about four hours. Any loss of pressure to the hospital's pressure zone means no fire suppression, no surgical scrubbing, no sanitation, no hydration. What we have is increasing exposure that we volunteered into with smart, connected infrastructure. We want the benefit, but we haven't paid the price tag yet. And that was okay when this was mostly criminal activity. But now that these points of access can be used in weapons of war, you could see pretty severe disruption in civilian infrastructure. Now, just because you can hit it doesn't mean you will hit it, right? I'm not encouraging panic at the moment over Iran. I think they're quite busy, and if they're going to use those cyber capabilities, it's a safer assumption they would first use them on Israel. Different predators have different appetites, and prey, and motives. Sometimes it's called access brokering, where they're looking for a compromise and they lay in wait for years. Like in critical infrastructure, people don't upgrade their equipment, they use very old things. If you believe that you'll have that access for a long time, you can sit on it and wait patiently until the time and the place of your choosing. Think of this a little bit like Star Wars. The thermal exhaust port on the Death Star is the weak part. If you hit it, you do a lot of damage. We have a lot of thermal exhaust ports all over water and healthcare specifically. What needs to be done now to mitigate these vulnerabilities? We're encouraging something called cyber-informed engineering. What we've found is if a water facility is compromised, abrupt changes in water pressure can lead to a very forceful and damaging surge of water pressure that could burst pipes. If you were to burst the water main for a hospital, there would be no water pressure to the hospital. So if you wanted to say, 'let's make sure the Chinese military can't compromise the water facility,' you'd have to do quite a bit of cybersecurity or disconnect it. What we're encouraging instead, is something much more familiar, practical. Just like in your house, you have a circuit breaker, so if there's too much voltage you flip a switch instead of burning the house down. We have the equivalent of circuit breakers for water, which are maybe $2,000, maybe under $10,000. They can detect a surge in pressure and shut off the pumps to prevent physical damage. We're looking for analog, physical engineering mitigation. 'Think of this a little bit like Star Wars.' If you want to reduce the likelihood of compromise, you add cybersecurity. But if you want to reduce the consequences of compromise, you add engineering. If the worst consequences would be a physically damaging attack, we want to take practical steps that are affordable and familiar. Water plants don't know cyber, but they do know engineering. And if we can meet them on their turf and help explain to them the consequences and then co-create affordable, realistic, temporary mitigations, we can survive long enough to invest properly in cybersecurity later. Federal agencies under the Trump administration have faced budget and staffing cuts, does that lead to greater vulnerabilities as well? How does that affect the security of our critical infrastructure? Independent of people's individual politics, there was an executive order from the White House in March that shifts more of the balance of power and responsibility to states to protect themselves, for cybersecurity resilience. And it's very unfortunate timing given the context we're in and that it would take time to do this safely and effectively. I think, without malice, there has been a confluence of other contributing factors making the situation worse. Some of the budget cuts in CISA, which is the national coordinator across these sectors, is not great. The Multi-State Information Sharing and Analysis Center is a key resource for helping the states serve themselves, and that too lost its funding. And as of yet, the Senate has not confirmed a CISA director. We should be increasing our public private partnerships, our federal and state level partnerships and there seems to be bipartisan agreement on that. And yet, across the board, the EPA, Health and Human Services, Department of Energy and CISA have suffered significant reduction in budget and staff and leadership. There's still time to correct that, but we are burning daylight on what I see as a very small amount of time to form the plan, to communicate the plan, and execute the plan. Whether we want this or not, more responsibility for cyber resilience and defense and critical functions is falling to the states, to the counties, to the towns, to individuals. Now is the time to get educated and there is a constellation of nonprofit and civil society efforts — one of them is the good work we're doing with this but we also participate in a larger group called Cyber Civil Defense. And we recently launched a group called the Cyber Resilience Corps, which is a platform for anyone who wants to volunteer to help with cybersecurity for small, medium, rural, or lifeline services. It's also a place for people to find and request these volunteers. We're trying to reduce the friction of asking for help and finding help. I think this is one of those moments in history where we want and need more from governments, but cavalry isn't coming. It's going to fall to us.
The Independent
3 days ago
- Politics
- The Independent
The next battle of Britain will be fought under the sea – if we lose, the consequences will be disastrous
Imagine the scenario. You wake up and there is no power in your home. You can't turn on the lights or television, the freezer is defrosting, and there is no way to cook anything. The wifi is down, phone networks have ceased to operate, and cash machines don't function. The shops are shut, there is no power for the railways and airports, and hospitals are running on back-up generators – but for how long, nobody knows. The threat of this happening is no longer imaginary; it is being discussed at the highest levels. At recent conferences (all under the Chatham House Rule), speakers have noted that the loss of data transmission could cause UK supply chains across much of the economy to crash – leading to food shortages and widespread civil unrest. It has been firmly stated: this is no longer a hypothetical threat. An attack on critical infrastructure is not a question of if, but when. As it is announced that the UK is set to buy a fleet of new fighter jets capable of carrying nuclear weapons, many saw this as a huge win for the Royal Air Force. But others are arguing that we need to pay just as much attention to what's happening under our seas as we do in our skies. At its peak, the UK imports up to 15-20 per cent of its electricity from Europe – all carried by undersea cables. There are four main European gas pipelines, and 75 per cent of all UK gas arrives via undersea routes. Over 60 undersea cables carry internet traffic, telephony, and other data – more than 95 per cent of all data/internet flows travel beneath the sea's surface. Damage to or destruction of any of these pipelines or cables could have a serious impact on the UK. Protecting them must become a national priority because this is where a direct attack on our nation is most likely to happen. The vulnerability of undersea infrastructure is increasingly exposed, and the threat is being raised more frequently. Nord Stream 2, data cables between Finland and Estonia, and internet cables near Taiwan have all sustained damage due to attacks in recent years. Some of these incidents can be attributed to known actors – Taiwan's cable damage, for example, was reportedly caused by a China-linked cargo vessel reported to be dragging its anchor in the precise area of the cables. Other attacks remain unattributed, though there are strong suspicions – such as the Estonian incident being linked to Russia. The 2025 National Security Strategy, published yesterday, warned: 'Critical national infrastructure – including undersea cables, energy pipelines, transportation and logistics hubs – will continue to be a target.' It also provided a staggering estimate: 'The cost to repair a single damaged fibre optic cable is up to £1m, and £100m for power cables per incident.' It now must be assumed that a hostile actor – Russia being the most likely in the case of the UK – will seek to exploit the vulnerabilities of undersea cables during periods of heightened tension, with the aim of at least disrupting, if not crippling, the UK and Europe. In the transition to any conflict, it is highly likely that attacks on connecting cables would be carried out stealthily. Russia is believed to operate several dozen 'intelligence ships' that can monitor or attack undersea cables. The Yantar, for example, spent several weeks earlier this year patrolling the Irish Sea, surveying cables between the UK and Ireland using unmanned underwater vehicles (UUVs). It's also believed that Russian submarines have the capacity to launch similar UUVs capable of targeting undersea infrastructure. So, what can the UK do to counter this growing undersea threat? The 2021 Integrated Review announced that the Royal Navy /Royal Fleet Auxiliary would acquire a new type of ship: the multi-role ocean surveillance ship (MROSS), designed to protect critical undersea cables. Briefings suggested that at least three ships would be procured. In 2021, an offshore support vessel was bought, renamed RFA Proteus, and converted at Cammell Laird in Birkenhead. It entered full service in 2023, though it has experienced maintenance issues limiting its operations. A second MROSS – possibly UK-built – was discussed, but this year's strategic defence review gave no specific commitment to further vessels or new undersea capabilities, just some vague suggestions. While Starmer has signalled his intention to create a hybrid Royal Navy using AI and forming a new digital warfighter group, many are concerned that the new systems needed to counter the threat to underwater infrastructure won't arrive until the early 2030s. The 2025 review also suggested the Royal Navy may contract certain (unspecified) capabilities to commercial partners. Operating non-combat surveillance ships is one such option. Procuring a fleet of our own unmanned underwater vehicles to protect critical infrastructure was another key suggestion – but again, no confirmed details. Fixed sonar systems, once common during the Cold War in the North Atlantic, are being considered again, but plans remain unclear. If the consequences from an attack are as serious as are being discussed, defensive preparations feel far too vague and slow. The problem is evident. Despite the rising threat, investing in undersea defence has become less politically and financially appealing than purchasing warships. Using a £500m plus frigate to patrol oil or gas pipelines is still being seen as wasteful. In times of tight budgets, defence services often prioritise combat ships over support systems that don't directly contribute to warfighting. In a febrile 'war-footing' atmosphere, it's understandable that UK defence has many urgent and costly needs. But the threat of an attack on an electricity interconnector or a gas pipeline should not be underestimated. This would have grave consequences for the UK. We not only need increased surveillance of undersea infrastructure – we must also build the capability to repair and recover it quickly, should the worst happen. We need only look to the Finland-Estonia cable, which remained offline for over six months – even though its repair was made 'easier' by the relatively shallow waters (max depth around 100 metres). The North Sea (up to 700 metres), and the Atlantic (with an average depth of 3,000 metres), would pose far greater challenges. Does the UK have the capability to rapidly repair or replace a damaged cable or pipeline? Possibly. But with no real urgency in getting our underwater defences up to speed, all bets are off as to how the country would really cope with an undersea crisis.
Yahoo
6 days ago
- Politics
- Yahoo
After Trump attacks Iran, what experts and officials fear for the American homeland
In the wake of President Donald Trump's "massive precision strikes" on Iran, concerns have been raised both for Americans in the region and at home. A principal area of worry is cyberattacks by Iranian state actors, including targeting the banking system or energy grid. A recent Department of Homeland Security bulletin warned: "Iranian government-affiliated cyber actors will probably prioritize retaliatory attacks against Israeli targets in the short term but may target U.S. networks due to their perception of U.S. support for Israeli strikes." The bulletin urged domestic critical infrastructure entities to "immediately" assess and shore up their security. Such attacks have already infiltrated U.S. water and wastewater systems, according to the non-profit think tank Center for Internet Security, which briefed law enforcement on Friday. The Center was also concerned that Iran, in the wake of Israeli military strikes, might use "crude or escalatory tactics" or informal networks if its capabilities were degraded. "The likelihood of such attacks will increase if the U.S. strikes Iran or overtly provides military support to the Israeli air campaign," the group said. And the Center assessed that Iran's considerable network of proxy groups might be able to strike U.S. interests in the Middle East, though their capacity to strike the U.S. homeland was more limited. The groups, they assessed, while less sophisticated, could still disrupt public infrastructure and the private sector. MORE: Israel-Iran live updates: B-2 bombers, Tomahawk cruise missiles used in Iran strike On top of that was the fear of attacks by foreign nationals or American citizens inspired to strike the U.S. In 2018, the National Counterterrorism Center issued a report saying Iran-sponsored or Shia-inspired -- referring to one of the two major branches of Islam which is dominant in Iran -- terror on the U.S. homeland is unlikely, except if the U.S. were to attack Iran. "Given sustained bilateral U.S.-Iran tensions, the occurrence of such a catalyst could prompt Shia HVE [homegrown violent extremist] activity relatively quickly, underscoring the benefits of early engagement with Shia communities about indicators of HVE radicalization. Potential triggering events for such Shia HVE violence include U.S. military action against Iran." Iranian forces themselves have previously targeted American interests, hitting U.S. bases in the Middle East, for instance, after top Islamic Revolutionary Guard Corps commander Gen. Qassem Soleimani was killed in an American airstrike in Iraq in 2020. MORE: Trump said he was giving Iran a window to come to the table. He struck 2 days later. Iranian nationals have also carried out major cyberattacks. An Iranian national pleaded guilty last month to helping orchestrate the 2019 Baltimore, Maryland, ransomware attack that caused tens of millions of dollars in damage and disrupted critical city services. While prosecutors did not allege Sina Gholinejad was directed in his activities by the Iranian government, in announcing the case they warned more broadly of Iranian government-backed hacking groups targeting U.S. critical infrastructure. And in the summer of last year, the Justice Department also separately charged a Pakistani man with ties to the Iranian government for allegedly seeking to carry out political assassinations. Authorities told ABC News that among Asif Merchant's targets were Trump and other current and former U.S. officials.
South China Morning Post
06-06-2025
- Business
- South China Morning Post
More must be done in Hong Kong's cybercrime campaign
Far too many companies in Hong Kong have left themselves vulnerable to cyberattacks, according to a new police review that should warn all operators to immediately step up their game. Regular security checks are required by law for private firms with infrastructure deemed 'critical' for the normal functioning of society. The rules in place since March apply to an undisclosed list of players in sectors such as energy, information technology, banking, communications, maritime, healthcare and transport. Advertisement Police recently found that about 5 per cent of publicly accessible technology assets owned by such operators were vulnerable to online attacks. A first-of-its-kind review turned up loopholes in 4,500 out of 90,000 pieces of technology assets examined. The force also revealed that it had received over 440,000 pieces of intelligence on cyberthreats targeting the city last year. Hacking cases have been rising, with losses surging over the past two years. Greater diligence is required. Regulated firms have more than just a fear of hackers to prompt better security. Under the law, they may be fined up to HK$5 million for failing to keep their systems up to date. The companies are also now obliged to notify authorities of any breach within 12 hours. It is encouraging that police have quickly carried out an initial review. They found 495 assets at critical or high risk with issues such as staff login credentials exposed, unused subdomains that risk being taken over by hackers, or cloud services exposed to external access. Raymond Lam Cheuk-ho, chief superintendent of the cybersecurity and technology crime bureau, said if those 'critical or high-risk loopholes' were exploited, serious disruptions would be 'extremely likely'. Advertisement Companies involved have already taken steps to remedy loopholes discovered in the survey, but it is worrying that cyberattacks exploited obvious vulnerabilities such as insufficient monitoring of remote access computers, outdated security software, or poor cyberthreat response policies.
