As we wrap up the first quarter of 2023, the security of utilities and other entities in critical infrastructure continues to be top of mind among cybersecurity practitioners.
The year began with a sobering January report from Nozomi Networks, outlining the worsening threat landscape for critical infrastructure during the second half of 2022. Organizations in oil and gas, power transmission, water, and transportation had suffered a range of attacks on their OT, ICS, and industrial IoT systems. The authors of the report predicted that the cyber threat landscape in 2023 would be “marked with continued complexity and sophistication as attackers evolve their strategies for exploiting vulnerable systems and networks.”
An even more concerning report in February, from the U.S. Government Accountability Office (GAO), found that the nation’s critical infrastructure had failed to implement more than half of the recommendations the GAO had made since 2010 for shoring up its cybersecurity. “Until these are fully implemented,” the report stated, “key critical infrastructures will continue to have increased cybersecurity risks to their systems and data.”
And, just this week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued advisories on dozens of vulnerabilities in eight ICSs commonly used in energy and other sectors of critical infrastructure. As reported in CSO, “Many of the vulnerabilities in CISA’s advisory are remotely exploitable, involve low attack complexity, and allow attackers to take control of affected systems, manipulate and modify settings, escalate privileges, bypass security controls, steal data, and crash systems.”
It is essential for utilities and other organizations to begin implementing security strategies that are suited to protecting the uniquely vulnerable IT and OT systems used in critical infrastructure. Network segmentation is often recommended as part of that strategy. But if a network segment that hosts a critical system is discovered and breached, that approach hasn’t helped.
But what if you could segment critical IT and OT systems into an off-the-grid network enclave – one that’s invisible and undiscoverable to anyone who isn’t authorized to access it? Such cloaked networks are available as a service, with features such as dynamic IP routing and unlisted access points specifically designed to keep threat actors from knowing that your critical systems exist at all.
To learn how virtual obfuscation networks can protect your critical infrastructure organization from today’s evolving cyber threats, download a copy of our latest ebook: Utilities in the Breach: Hide Your ICS and Other Critical Operational Assets from Cyber Threats and Attacks.