With cyberthreats targeting operational technology (OT) and SCADA systems, IT leaders are tightening their defenses. Cybersecurity threats to U.S. critical infrastructure are growing at an alarming rate, according to recent reports from the federal Cybersecurity and Infrastructure Security Agency (CISA). Recent operations by Chinese state-sponsored threat actor Volt Typhoon reveal that they are hiding in water and energy systems, waiting to strike.
“In the last six months, our incident response effort has confirmed that [People’s Republic of China] cyber actors have been on our critical infrastructure networks for, in some cases, up to the last five years,” said Andrew Scott, associate director for China operations at CISA, during a conference presentation in Washington, D.C., in March.
In fact, 67% of energy, oil and gas, and utilities organizations have been hit by ransomware attacks in 2024, notes a recent Sophos report. Among those hit with ransomware in this sector, 98% said that the cybercriminals also attempted to compromise their backups during the attack; 4 in 5 of those attempts were successful. With nation-state threat actors lying dormant in U.S. critical infrastructure, the risk factor is incredibly high. “When we talk about the societal-panic goal here, the worst-case outcome that we’re concerned about is not a one-off event,” Scott told the D.C. conferencegoers. “It is not a single hospital, it is multiple sectors simultaneously being disrupted, with services being out. So, imagine the impact of having multiple water utilities out, multiple communication entities out, multiple energy providers out in your region or in your state. That’s the strategy that we see, and those are the sectors that we’ve confirmed compromised.”
To safeguard these vital systems, IT leaders are shifting from siloed security to a more integrated approach. But this process involves fostering cross-sector collaboration and cultivating a culture of proactive security. It also means revving up the number of incident response protocols, patch management, and tabletop exercises. Here are a few best practices IT leaders should consider:
Breaking Down Silos in Critical Infrastructure Systems
One challenge of securing critical infrastructure is that fragmented data exists in silos across different sectors such as energy, water, transportation, and manufacturing. For years, each industry built separate infrastructures to support their operational needs, which ultimately created more disjointed communication, delayed emergency response times, operational inefficiencies, and limited coordination between teams.
Breaking down such silos requires a culture shift to open communication and collaboration. This increases the likelihood of cross-sector partnerships and shared threat intelligence that can be used to build a comprehensive defense strategy. The interdependence of critical infrastructure is precisely why teams need to develop contingency plans, such as mutual aid agreements, that support other sectors in the event of an attack.
By sharing real-time information, IT leaders can better coordinate their emergency responses. Hosting joint training sessions and threat modeling simulations can also build trust. Organizations can also invest in better security operations centers that monitor and respond to threats across multiple sectors and offer visibility into response strategies.
Enhancing Incident Response Protocols
Given the sophisticated nature of cyber threats from nation-state actors, robust incident response protocols are crucial. The traditional reactive approach is no longer sufficient; a proactive stance must be adopted. This involves regular updating and testing of incident response plans to ensure they are effective and comprehensive.
The CISA recommends conducting regular tabletop exercises that simulate real-world attack scenarios. These exercises help identify weaknesses in current protocols and improve coordination among different teams and sectors. Furthermore, having a well-defined incident response team with clear roles and responsibilities can significantly reduce response times and mitigate the impact of an attack.
Statistics from a Ponemon Institute study reveal that organizations with a well-practiced incident response plan can reduce the cost of a data breach by up to $2 million. This underscores the importance of preparedness and the value of investing in incident response capabilities.
Implementing Advanced Threat Detection and Prevention Technologies
The integration of advanced threat detection and prevention technologies is essential in protecting critical infrastructure from sophisticated cyber threats. This includes the deployment of artificial intelligence (AI) and machine learning (ML) technologies that can analyze vast amounts of data and detect anomalies indicative of a potential attack.
AI and ML can enhance the capabilities of security operations centers by providing real-time threat intelligence and automated responses to identified threats. For example, a report by Gartner indicates that AI-driven security operations can reduce the time to detect and respond to threats by up to 90%, significantly minimizing potential damage.
Additionally, leveraging endpoint detection and response (EDR) and network detection and response (NDR) solutions can provide comprehensive visibility into the entire network infrastructure, enabling faster detection and mitigation of threats.
Strengthening Patch Management Practices
Vulnerabilities in software and systems are often exploited by nation-state threat actors to gain access to critical infrastructure. Therefore, maintaining an effective patch management program is vital. This involves not only applying patches and updates promptly but also prioritizing them based on the severity of the vulnerabilities and the criticality of the systems involved.
A survey by the SANS Institute found that 60% of successful cyberattacks exploited known vulnerabilities for which patches were available but not applied. This highlights the need for organizations to adopt a more disciplined approach to patch management.
Automated patch management solutions can help streamline the process by identifying and deploying necessary updates across the entire infrastructure. Furthermore, organizations should establish a regular patching schedule and conduct audits to ensure compliance.
Fostering a Culture of Proactive Security
Finally, securing critical infrastructure requires a cultural shift towards proactive security. This involves fostering a security-conscious mindset among all employees, from top executives to frontline workers. Regular training and awareness programs can help instill the importance of cybersecurity and educate employees on best practices for preventing and responding to threats.
Building a culture of proactive security also means encouraging collaboration and information sharing across sectors. This can be achieved through industry partnerships, government initiatives, and participation in threat intelligence sharing platforms.
A proactive security culture empowers organizations to anticipate and defend against potential threats more effectively. It also promotes a unified approach to cybersecurity, ensuring that all stakeholders are aligned in their efforts to protect critical infrastructure.
Conclusion
In conclusion, securing critical infrastructure from nation-state threat actors is a complex and ongoing challenge. However, by breaking down silos, enhancing incident response protocols, implementing advanced threat detection technologies, strengthening patch management practices, and fostering a culture of proactive security, IT leaders can significantly improve their defenses.
The stakes are high, and the potential consequences of a successful attack are severe. Therefore, it is imperative that organizations take a comprehensive and integrated approach to cybersecurity, leveraging the latest technologies and best practices to protect their vital systems and services.
As the landscape of cyber threats continues to evolve, so too must our strategies and defenses. By staying vigilant and proactive, we can safeguard our critical infrastructure and ensure the continued safety and stability of our society.
