
How to Secure Critical Infrastructure from Nation-State Threats

Cybersecurity threats to critical U.S. infrastructure are growing at an alarming rate, according to recent reports from the federal Cybersecurity and Infrastructure Security Agency. Recent operations by Chinese state-sponsored threat actor Volt Typhoon reveal that they are hiding in water and power systems, waiting to attack.

“Over the past six months, our incident response efforts have confirmed that (People’s Republic of China) cyber actors have had a presence in our critical infrastructure networks for, in some cases, as long as five years,” Andrew Scott, deputy director for China operations at CISA, said during a conference presentation in Washington in March.

In fact, 67% of organizations in the energy, oil and gas, and utilities industries will be victims of ransomware attacks in 2024, notes a recent Sophos report. Of those hit by ransomware in this sector, 98% said cybercriminals also tried to compromise their backups during the attack; 4 out of 5 of those attempts were successful.


With state threat actors dormant in critical U.S. infrastructure, the risk factor is incredibly high. “When we talk about the target of social panic, the worst-case scenario that we’re worried about is not a one-time event,” Scott told a conference in D.C. “It’s not a single hospital, it’s multiple sectors being disrupted at once, with service disruptions. So imagine the impact of multiple water utilities being down, multiple communications, multiple power providers in your region or state being down. That’s the strategy that we’re seeing, and those are the sectors that we’ve confirmed are at risk.”

To secure these critical systems, IT leaders are moving from siloed security to a more integrated approach. That process includes fostering cross-sector collaboration and cultivating a culture of proactive security. It also means strengthening incident response protocols, patch management, and tabletop exercises. Here are some best practices IT leaders should consider:

Breaking down silos in critical infrastructure systems

One of the challenges of securing critical infrastructure is that distributed data exists in silos across sectors, such as energy, water, transportation, and manufacturing. Over the years, each industry has built separate infrastructures to support its operational needs, ultimately leading to more fragmented communications, delayed emergency response times, operational inefficiencies, and limited coordination across teams.

Breaking down these silos requires a culture shift toward open communication and collaboration. This increases the likelihood of cross-sector partnerships and sharing threat intelligence that can be used to build a comprehensive defense strategy. The interdependence of critical infrastructure is precisely why teams must develop contingency plans, such as mutual aid agreements, that support other sectors in the event of an attack.

By sharing information in real time, IT leaders can better coordinate their emergency responses. Hosting joint training sessions and threat modeling simulations can also build trust. Organizations can also invest in better security operations centers that monitor and respond to threats across multiple sectors and provide visibility into response strategies.


Modernizing Legacy Systems to Increase Cyber Resilience

Too often, critical infrastructure organizations rely on outdated operational technology and supervisory control and data acquisition (SCADA) systems that were not designed with today’s threats in mind. These legacy systems come with a host of challenges. For example, they may not support current security measures and may not be able to run updates without causing downtime.

Modernizing infrastructure systems requires a rigorous, phased approach. First, organizations should prioritize the most critical vulnerabilities with incremental updates, then integrate newer technologies to improve security deliberately over time. Second, they should segment their networks to isolate outdated systems and limit the potential spread of an attack. Third, they should deploy advanced monitoring tools with anomaly detection capabilities to flag suspicious activity. And fourth, they should use patch management services to regularly update older systems and close known vulnerabilities.


Addressing Supply Chain, Third Party and Insider Threat Issues

In addition to direct attacks on critical infrastructure, there are also threats that can emerge in supply chains, via external suppliers and employees. These threats are particularly challenging because they exploit trusted relationships and systems that may require privileged access but are integral to day-to-day operations. Insider threats can be unintentional (resulting from a lack of awareness) or intentional (motivated by malice or coercion).

That’s why risk assessments must encompass all elements of the IT ecosystem to ensure they comply with rigorous cybersecurity standards. Securing critical infrastructure means committing to cyber resilience through regular audits and continuous system monitoring. Only then can organizations strengthen their defenses for a more secure future.