Alongside the COVID-19 pandemic, cybersecurity threats soared. Ransomware attacks, phishing scam campaigns, and other attack methodologies reached all-time highs, prompting companies to spend a record amount to enhance their defensive postures.
However, always ready to capitalize on vulnerabilities, threat actors are now targeting critical infrastructure, including water and energy facilities. While the ransomware attack on Colonial Pipeline attracted the most media coverage because of the startling scenes of supply shortages and gas lines, a new joint advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, and the U.S. EPA, highlights more expansive challenges for critical infrastructure.
According to the report, several water facilities were targeted in 2021, disrupting both information technology (IT) and operational technology (OT) systems and exploiting vulnerabilities in critical IT and OT systems, which can pose major risks to operations as well as public safety.
Specifically, the report notes, “The increased use of remote operations due to the COVID-19 pandemic increases the necessity for asset owner-operators to assess the risk associated with enhanced remote access to ensure it falls within acceptable levels.”
In response, utilities must recalibrate their cybersecurity efforts, ensuring that they can secure OT operations. For those tasked with making or evaluating those decisions, here are three priorities for securing OT infrastructure.