Cybersecurity for Critical Infrastructure

Power Generation, Transmission and Distribution Companies and Authorities have essential distributed operational technology (OT) network assets that increase their attack surface and present attractive targets for attackers. Generation facilities, distribution & control assets, substations, transformer vaults and interconnection facilities are at continuous risk for cyber- attacks. Historically, this critical infrastructure sector has relied on isolation via separate network communications and control connections to protect against remote threats, and tight physical security to guard against local incidents. The advent of data-centric solutions required to safely operate and manage such complex environments with speed and efficiency has rendered the airgap nearly obsolete.  However, even air-gapped assets are at risk due to normal physical interactions. Vendors, third parties and employees frequently plug-in with external storage or internet connected devices for maintenance and monitoring, creating a vector for introduced threats.  

Oil, gas, and pipeline companies have been under heightened scrutiny for cyber security preparedness since the Colonial Pipeline attack in 2021. The industry has a very high concentration of essential and hard to serve distributed operational technology (OT) network assets and facilities such as wellheads, pump stations, and storage locations that create high-reward attack vectors that can lead to greater exposure to cyber-threats. Malicious cyber-attacks continue to threaten the energy industry -- disabling production and delivery of utilities and jeopardizing service. Even without the Federal mandate for compliance with emerging security regulations from the Cybersecurity and Infrastructure Security Agency (CISA), securing these critical assets is more crucial now than ever before.  

Water and Wastewater systems deliver essential and life sustaining services. Supply and treatment facilities, pump and lift stations, and storage locations are extremely susceptible to cyber-attacks. Protecting unmanaged or lightly managed, essential distributed water assets is challenging. This difficulty is compounded by asset location and the time it takes to ‘roll a truck’. Critical threat vectors include not only digital hackers but also “known good” connections by vendors, system integrators, and employees who oftentimes connect to the network for normal and customary maintenance and monitoring. Water systems are commonly victims of cyber-attacks. Aging and unsupported production and control equipment create broad opportunities for malware including vulnerability exploits and Ransomware attacks.  Budget constraints, regulatory rate pressure, and scarcity of highly trained and experienced cybersecurity personnel place added pressure on operators attempting to maintain an acceptable level of cybersecurity preparedness. Emerging cybersecurity regulations have operators scrambling for effective, active, efficient, reliable, and demonstrable compensating cyber controls to support the security program and maintain safe two-way communication across OT assets and facilities.  
 

The frequency of cyber-attacks on hospitals, healthcare organizations, and pharmaceutical companies are evolving at an alarming rate. These events threaten the quality of patient care and public safety. Ransomware attacks are in the news weekly and have seriously disrupted targeted health care systems to the point of disabling patient treatment and jeopardizing the confidentiality of health records for millions of patients. This sector is among the most highly interconnected IT/OT Critical Infrastructure industries. Despite all the meaningful value that is derived from the sharing of data in the space, the integration between critical OT systems and the pervasive IT environment creates myriads of targets and attack vectors for cyber criminals. 

Manufacturing and industrial control systems become more technologically advanced and interconnected in order to deliver on the promise of hyper efficiency and the never ending need to reduce the cost of production. While the high-speed interconnectedness and reliance on real-time telemetry has helped deliver on the efficiency promise, the level of concern with respect to cyber exposure has also increased, keeping pace with the technological advancements. Increasingly complex SCADA, autonomous robotic systems, offshore factories, and increased reliance on third party tools and providers should raise concerns for every manufacturer. Manufacturer data that is most interesting to cyber criminals includes information pertaining to patents, designs, plans, formulas, and intellectual property. Outside attacker motivations can range from espionage to financial gain. As manufacturers work to strike the right balance between the free flow of information required to boost productivity with security, there is an acute need for better tools, procedures, and risk mitigation strategies to protect valuable data. 
 

Companies and institutions in the financial services sector possess highly sensitive data, and therefore cyber-attackers typically consider the time, effort, and risk of attacking them to be well worth the potential reward. Even though these organizations have been among the most highly regulated and scrutinized industry segments, new attack strategies and deployment models emerge on a nearly continuous basis. While financial services companies need to leverage technology advances to support customer and competitive demands, they also need to provide superior security. Cyber criminals are becoming more powerful and abundant, leveraging their ability to stay small and wield the powers of distraction and destruction. Even though financial services firms remain a target of the largest most complex attacker organizations, the barrier to entry for new cyber-attacks continues to fall. Among the most difficult cyber challenge in financial services are threats that are initiated from nation states. This reality, along with the ever-increasing cost of failure and tightening regulatory requirements creates quite a security challenge. It is essential that financial services network security teams be proactive and vigilant with respect to new risk mitigation strategies. 

Cyber threats against state and local government and government agencies are on rise because of the criticality of the services they provide and the volume of personal data that they maintain for every citizen and business entity they serve. When these networks are flooded with illegitimate traffic computer files can be destroyed and dispatch centers can be rendered non-operational. These agencies can be held hostage by attackers seeking ransom for the volumes of private and confidential information they exfiltrate as part of an attack. Further, local first responders such as fire, police, emergency and 911 departments are often at the top of the target list of cyber criminals. These vital organizations typically do not have the most sophisticated security systems and may not have many security-savvy IT resources standing by to help in the event of a critical cyber event. Many local government agencies also provide critical utility services such as clean water, sewer, energy, transportation control, community health and education support services to their constituents. The networks of our first responders, public servants, and local and state governments that are so vital to ensure public safety and protect the lives, welfare, and property – including information and data – of our citizens are at great and growing risk and must be protected as part of the common good. 
 

Modern society simply cannot function without a finely tuned and efficiently operating transportation systems of all types, including over land and sea, by road, by rail, or through the air. The real-time flow of data and telemetry is critical to managing and monitoring this highly interconnected and vital critical infrastructure segment. It is not surprising that attacks against transportation industry companies, networks and facilities are common, with Ransomware leading the way. One only must check the headlines for details, but the effects of cyber-attacks are immediate and profound. The interdependencies that exist between tools and systems, private companies, and public agencies, local, state, federal and foreign governments that are necessary to ensure safe and effective operation of the transportation sector are staggering. This interconnected web dramatically increases the size of the threat surface for the entire industry, making it a prime target for Cyber Criminals and techno terrorists and nation states with malintent. It is imperative that transportation infrastructure entities of all sizes and scopes confront cyber threats from the external environment, interconnected partners, vendors, suppliers, and customers, and insider threats with vigilance and immediate decisive action.