Cybersecurity threats to U.S. critical infrastructure are growing at an alarming rate, according to recent reports from the federal Cybersecurity and Infrastructure Security Agency. Recent operations by the Chinese state-sponsored threat actor Volt Typhoon reveal that the group is hiding in water and energy systems, waiting to strike.
“In the last six months, our incident response effort has confirmed that [People’s Republic of China] cyber actors have been on our critical infrastructure networks for, in some cases, up to the last five years,” said Andrew Scott, associate director for China operations at CISA, during a conference presentation in Washington, D.C., in March.
In fact, 67% of energy, oil and gas, and utilities organizations have been hit by ransomware attacks in 2024, notes a recent Sophos report. Among those hit with ransomware in this sector, 98% said that the cybercriminals also attempted to compromise their backups during the attack; 4 in 5 of those attempts were successful.
With nation-state threat actors lying dormant in U.S. critical infrastructure, the risk factor is incredibly high. “When we talk about the societal-panic goal here, the worst-case outcome that we’re concerned about is not a one-off event,” Scott told the D.C. conferencegoers. “It is not a single hospital, it is multiple sectors simultaneously being disrupted, with services being out. So, imagine the impact of having multiple water utilities out, multiple communication entities out, multiple energy providers out in your region or in your state. That’s the strategy that we see, and those are the sectors that we’ve confirmed compromised.”
To safeguard these vital systems, IT leaders are shifting from siloed security to a more integrated approach. This process involves fostering cross-sector collaboration and cultivating a culture of proactive security. It also means stepping up incident response protocols, patch management and tabletop exercises. Here are a few best practices IT leaders should consider:
Breaking Down Silos in Critical Infrastructure Systems
One challenge of securing critical infrastructure is that fragmented data exists in silos across different sectors such as energy, water, transportation and manufacturing. For years, each industry built a separate infrastructure to support its own operational needs, which ultimately created disjointed communication, delayed emergency response times, operational inefficiencies and limited coordination between teams.
Breaking down such silos requires a culture shift to open communication and collaboration. This increases the likelihood of cross-sector partnerships and shared threat intelligence that can be used to build a comprehensive defense strategy. The interdependence of critical infrastructure is precisely why teams need to develop contingency plans, such as mutual aid agreements, that support other sectors in the event of an attack.
By sharing real-time information, IT leaders can better coordinate their emergency responses. Hosting joint training sessions and threat modeling simulations can also build trust. Organizations can also invest in better security operations centers that monitor and respond to threats across multiple sectors and offer visibility into response strategies.
Modernizing Outdated Systems for Enhanced Cyber Resilience
Too often, critical infrastructure organizations rely on legacy operational technology and supervisory control and data acquisition (SCADA) systems that were not designed with modern threats in mind. These outdated systems harbor a host of challenges. For instance, they may not support current security measures, and they may not be able to run an update without causing downtime.
Modernizing infrastructure systems requires a rigorous, phased approach. First, organizations should prioritize the most critical vulnerabilities through incremental updates, integrating newer technologies to purposefully improve security over time. Next, they should segment their networks to isolate outdated systems and limit the potential spread of an attack. Third, they should deploy advanced monitoring tools with anomaly detection capabilities to scan for suspicious activity. And fourth, they should make use of patch management services to regularly update legacy systems and close security gaps.
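One way to turn the segmentation and monitoring steps above into a concrete check, as an added example that is not part of the article: it evaluates constructed network flow records against an assumed segmentation policy for an isolated legacy OT zone (legacy devices never initiate connections out of their zone; only hosts in the OT DMZ may reach them, and only on listed service ports) and reports each violation. The zone addresses, ports and record format are assumptions, not values from the article.

```python
import ipaddress

# Assumed zoning (hypothetical addressing, not from the article).
LEGACY_OT_ZONE = ipaddress.ip_network("10.10.0.0/24")  # unpatchable PLCs / RTUs
OT_DMZ_ZONE = ipaddress.ip_network("10.20.0.0/24")     # historian, jump host
# Services the DMZ is allowed to poll on legacy hosts: (proto, dst port)
ALLOWED_INBOUND = {("tcp", 502), ("tcp", 20000)}       # Modbus/TCP, DNP3


def classify_flow(src: str, dst: str, proto: str, dport: int) -> str:
    """Return 'ok' or a short reason describing the segmentation violation."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_legacy, dst_legacy = s in LEGACY_OT_ZONE, d in LEGACY_OT_ZONE
    if src_legacy == dst_legacy:
        # Either stays inside the isolated zone or never touches it at all;
        # neither case is this check's job.
        return "ok"
    if src_legacy:
        # Isolated legacy devices must never open connections out of their zone.
        return f"egress from legacy zone {src} -> {dst}:{dport}/{proto}"
    if s not in OT_DMZ_ZONE:
        # Only the OT DMZ may reach into the legacy zone.
        return f"ingress from outside the OT DMZ {src} -> {dst}:{dport}/{proto}"
    if (proto, dport) not in ALLOWED_INBOUND:
        # DMZ host, but a service that segmentation policy does not permit.
        return f"unexpected service {dport}/{proto} on legacy host {dst} from {src}"
    return "ok"


def scan_flows(lines):
    """Parse 'src dst proto dport' records (constructed format) into violations."""
    findings = []
    for line in lines:
        src, dst, proto, dport = line.split()
        verdict = classify_flow(src, dst, proto, int(dport))
        if verdict != "ok":
            findings.append(verdict)
    return findings


SAMPLE_FLOWS = [  # constructed records, not real telemetry
    "10.20.0.5 10.10.0.12 tcp 502",      # historian polling a PLC: expected
    "10.20.0.7 10.10.0.12 tcp 20000",    # DNP3 front-end: expected
    "10.10.0.12 203.0.113.9 tcp 443",    # PLC opening outbound HTTPS: alert
    "10.30.0.4 10.10.0.12 tcp 22",       # corporate LAN SSH into OT: alert
    "10.20.0.5 10.10.0.12 tcp 3389",     # DMZ host, but RDP is not listed: alert
]

if __name__ == "__main__":
    for finding in scan_flows(SAMPLE_FLOWS):
        print("ALERT:", finding)
```

A legacy controller that starts initiating connections outside its zone is exactly the kind of behavioural change that segmentation plus monitoring is meant to surface, even when the device itself cannot be patched.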
Addressing Supply Chain, Third-Party and Insider Threats
In addition to direct attacks on critical infrastructure, there are also threats that can surface in supply chains, through third-party vendors and from employees. These threats are particularly challenging because they exploit trusted relationships and systems that may require privileged access but are integral to daily operations. Insider threats can be inadvertent (resulting from a lack of awareness) or deliberate (motivated by malice or coercion).
This is precisely why risk assessments must also encompass all elements of the IT ecosystem to ensure they adhere to stringent cybersecurity standards. Securing critical infrastructure means committing to cyber resilience with regular audits and continuous system monitoring. Only then can organizations fortify their defenses for a safer future.