In a rapidly digitizing world, critical infrastructure sectors such as energy, transportation, and healthcare are increasingly connecting information technology (IT) and operational technology (OT) to enhance efficiency and reduce costs. However, this convergence poses significant security risks if effective measures are not put in place. Organizations must adopt an “assume breach” mindset, acknowledging that breaches are inevitable, and establish policies to detect and mitigate the impact of bad actors once they enter the system.
The encouraging news is that the majority of organizations are aware of the importance of strengthening their security postures. According to a recent Gartner report, 81% of organizations are actively searching for vulnerabilities in their systems, going beyond mere cyber awareness.
The critical infrastructure sector is a prime target for bad actors, prompting the federal government to take steps towards better securing these systems. New policies, tactics, and dedicated committees are being implemented to safeguard critical infrastructure. The consequences of a successful attack on such systems could range from widespread blackouts to disruptions in national transportation networks, putting lives at risk. The Colonial Pipeline cyberattack two years ago serves as a stark reminder of the potential impact of such attacks. In addition, attackers often expect victims to pay ransom demands in order to regain control of their encrypted systems.
So, what are the vulnerabilities in the public sector’s IT and OT connections, and what solutions are available to address them?
Older legacy systems were not designed with cybersecurity as a priority, making it challenging to guarantee the safety of interconnected systems using standard network controls. In the past, agencies commonly relied on the Purdue model, where networks were organized in layers separated by firewalls. However, this approach presents a security challenge because each layer is regarded as a trusted network. If malware infects one layer, it can quickly spread undetected to all connected workloads and devices within that layer.
The energy sector, in particular, faces increased exposure to ransomware attacks due to its heavy reliance on OT. Once bad actors gain access to an organization, malware can spread throughout connected systems, or attackers can manually infiltrate the network to target critical areas. Conversely, if the main IT environment is compromised, ransomware can spread to all interconnected cyber-physical systems.
Given the lack of a one-size-fits-all approach to detecting and mitigating cyberattacks, critical infrastructure must become more proactive by adopting an “assume breach” mindset. This approach shifts the focus from keeping bad actors out to implementing policies that only allow trusted individuals in. In an environment where single devices run multiple applications, it is crucial to control which endpoints and networks a device interacts with, assess potential risks, and establish appropriate rules when necessary.
As the pandemic forced many people to work from home, organizations installed various systems and applications on individual devices like laptops and mobile phones. This has created numerous areas for compromise, necessitating a shift in mindset from protecting the network to safeguarding each individual endpoint. The convergence of OT and IT requires a convergence of security measures to protect both of these environments.
The Biden administration has issued zero-trust mandates to compel the US government to adopt a cybersecurity approach focused on building resilience. The principles behind zero trust are increasingly recognized and implemented worldwide, regardless of the specific solutions organizations choose. Zero trust involves changing the mindset and approach to cybersecurity, ensuring that organizations can plan accordingly in the event of an attack and its subsequent consequences.
In conclusion, as critical infrastructure becomes increasingly digitized, organizations must prioritize security to mitigate the risks associated with connecting IT and OT systems. Adopting an “assume breach” mindset and implementing zero-trust principles can significantly enhance resilience and minimize the impact of bad actors. With the growing recognition of these measures and the support of government initiatives, organizations have the opportunity to bolster their security postures and protect critical infrastructure from cyber threats.