Monday, October 14, 2024

PERSPECTIVE: Cyber Threats are Here to Stay: 3 Tips for Defending U.S. Critical Infrastructure Under Siege

Critical infrastructure is the backbone of modern society. From power grids and transportation networks to healthcare systems and financial institutions, these vital structures sustain our way of life. The importance of improving their security cannot be overstated.  

In the last handful of years, widespread digitization has expanded the attack surface. Beyond financial repercussions, security breaches erode public trust and underscore the profound ramifications of compromised data integrity within critical sectors. Threats are evolving, and security teams are still struggling to keep up, with disastrous consequences. 

Today, CISA, the NSA, the FBI, and others continue to respond to Chinese state-sponsored threat actor Volt Typhoon’s operations against U.S. water and critical infrastructure targets. With the combination of nation-state threats, legacy operational technologies that introduce further vulnerabilities, and frequent human errors, critical infrastructure attacks are only expected to worsen this year, furthered by increasing global conflict and volatility.

Looking forward, organizations can take proactive measures to ensure their people, processes, and partners are aligned on cybersecurity best practices. After all, the critical infrastructure supply chain is only as strong as its weakest link. 

Breaking Down Silos for Enhanced Information Sharing 

The need for improved information sharing and collaboration has never been more pressing. With our nation’s critical infrastructure spread across sixteen diverse sectors, ranging from energy and transportation to healthcare and telecommunications, siloed information makes it more challenging to swiftly detect, respond to, and recover from threats. We must standardize protocols and procedures for sharing cybersecurity information and incident data between sectors. This includes defining data formats, communication methods, and information-sharing agreements to streamline exchanges while ensuring data confidentiality and security. 

Critical infrastructure organizations should prioritize creating dedicated communication channels, such as forums, mailing lists, inter-sector workshops, and online platforms where cybersecurity professionals from different sectors can share information, insights, and best practices. By fostering a culture of information sharing and breaking down those barriers between sectors, security professionals can use collective intelligence to anticipate and counter emerging threats more effectively. Initiatives such as the Cybersecurity and Infrastructure Security Agency’s (CISA) efforts to facilitate cross-sector collaboration and create Information Sharing and Analysis Centers (ISACs) serve as model approaches to promote collaboration and strengthen our national resilience against cyber threats.

Addressing the Vulnerabilities of Operational Technology (OT) Systems 

With the rapid digitization and integration of operational technology (OT) systems into critical infrastructure networks, OT security challenges have become increasingly pronounced. Unlike traditional IT systems, OT environments often operate on legacy systems that were not designed with modern cybersecurity in mind, making them particularly susceptible to exploitation. As technology evolves, vendors may even discontinue support for older OT systems, leaving users without access to security updates or technical assistance. This exposes critical infrastructure organizations to emerging threats without recourse to mitigate them effectively. The convergence of IT and OT networks also introduces complex vulnerabilities that adversaries can exploit to disrupt essential services and compromise critical infrastructure operations.

Addressing these vulnerabilities requires a multifaceted approach that includes technological upgrades and enhanced cybersecurity measures tailored to the unique characteristics of OT environments. Critical infrastructure organizations should first prioritize modernizing and upgrading outdated OT systems wherever possible, implementing more robust cybersecurity measures. From there, security teams should regularly assess and patch vulnerabilities. At the administrative level, executives should invest in staff training to enhance overall cyber resilience. By bolstering intrusion detection systems, network segmentation, and secure remote access solutions, organizations can strengthen their OT infrastructure resilience and mitigate the risk of cyber incidents that could have cascading impacts on national security and public safety. 

Mitigating Complex Threats Across the Supply Chain and Beyond 

In an interconnected landscape, critical infrastructure security extends beyond the boundaries of individual sectors, encompassing widespread supply chain, third-party, and insider threats. Reliance on external vendors, service providers, and partners introduces additional vectors to exploit. Interdependencies highlight the need for comprehensive risk management strategies that extend across the entire supply chain. 

Navigating the landscape of critical infrastructure threats requires grappling with this inherent complexity. The SolarWinds supply chain attack of 2020 is an example of how many intricate moving parts interact with one another to keep systems running seamlessly, and of how that interdependence can be turned against them: trusted software was infiltrated, and from that initial foothold, numerous government agencies and corporations were compromised. By exploiting the interconnected nature of digital supply chains, adversaries orchestrated a stealthy campaign of espionage, evading detection for months on end.

Organizations must adopt a risk-based approach to identify and mitigate vulnerabilities at every stage of the supply chain, from procurement and vendor management to distribution and deployment. Moreover, fostering transparency and accountability through robust governance frameworks and contractual agreements is essential for establishing trust and resilience in the face of evolving threats. 

This Year and Beyond 

As critical infrastructure sectors become increasingly interconnected, the resilience of our nation’s security—and our public’s safety—hinges on our ability to navigate and mitigate the complex array of threats emanating from both within and beyond our borders. By prioritizing collaboration, innovation, and risk management, we can safeguard the foundation of our critical infrastructure and our economic prosperity. 

Michael Welch
Michael Welch is a leader in cybersecurity and technology with over 20 years of experience in risk management, compliance, and critical infrastructure. He previously served as the global Chief Information Security Officer (CISO) for OSI Group, a privately owned food processing holding company that services some of the world’s best-known brands throughout 17 countries. In addition, he has worked with Burns & McDonnell, Duke Energy Corp. and Florida Power & Light, among other companies. He is an accomplished CISO, senior manager, and security consultant, leading teams of InfoSec engineers, architects, and analysts to deliver complex cybersecurity transformations. With MorganFranklin, Welch focuses on industrial control systems, identifying and mitigating security threats to critical infrastructure and ensuring compliance with industry standards. He is passionate about staying up to date with the latest advancements and effectively communicating complex technical concepts to non-technical stakeholders, supporting MorganFranklin's commitment to delivering secure and reliable systems for clients across various industries.
