Mitigating Critical Infrastructure Cyberrisk Threats and Securing Operations

Jose Seara 


February 6, 2024

In recent months, experts have documented a dramatic uptick in cyberattacks on critical infrastructure, both within the United States and around the world. Driven by a wide range of factors, including political and financial motives, these attacks attempt to disrupt operations and interfere with critical systems that manage access to water and energy. For example, in November, a pro-Iran group hacked a Pennsylvania water utility, breaching some of its industrial assets and forcing the Municipal Water Authority of Aliquippa (MWAA) to replace all Israeli-made equipment. Shortly thereafter, the UK’s most hazardous nuclear energy site, Sellafield, was also hacked by cyber groups linked to Russia and China. Since then, several other utility companies as well as ports, hospitals and financial service providers throughout the U.S. have also been targeted, representing a pattern of attacks with potentially severe consequences for operations, national security and public welfare.

Following the recent series of attacks on critical infrastructure companies, the U.S. government formally called on companies in the utility, transportation and healthcare management sectors to strengthen their cybersecurity efforts. Due to the increased interconnectivity of these organizations and the systems they use to maintain key operations, critical infrastructure organizations face a heightened risk of being attacked by malicious actors. Because the digital and technological systems running these organizations are often similar and may be tied to one another in some ways, an attack on one can create a domino effect. Once someone knows how to infiltrate one company, they may be able to apply the same techniques to companies with similar technologies to create an even larger impact. As the threat landscape continues to expand and critical infrastructure companies continue to be a primary target, thorough and comprehensive cyber risk management capabilities are essential.

It can be particularly challenging for these operational facilities to approach such issues, however, as thorough cyber risk management encompasses a multifaceted list of processes and procedures to effectively mitigate threats. Many of these companies, especially ones of smaller scale, are overwhelmed and do not know where to begin. Despite the complexity associated with strengthening cybersecurity measures, it is imperative for these organizations to make the changes necessary to bolster their security posture and protect against the ever-evolving threat landscape.

How to Strengthen Cyber Risk Management for Critical Infrastructure

Although it can be daunting for these operational facilities to begin addressing potential shortcomings in their security infrastructure, it is absolutely necessary. For organizations in the critical infrastructure sector to best protect against breaches, the following actions can help strengthen cybersecurity posture and minimize the risk of an attack:

  • Have visibility of your cyber assets. Without visibility, an organization has no way to completely manage risk. Visibility is a key component in the ability to effectively identify and manage your assets, assess potential vulnerabilities, ensure compliance with regulatory requirements, and protect data.
  • Make risk-driven cybersecurity decisions. To help ensure that you are catching all potential risks before they become issues, leverage information from within your organization as well as trends from similar companies and the industry to inform risk-driven cybersecurity management strategies. Prioritize mitigation actions that drive a real reduction of risk.
  • Ensure your risk mitigation tools and controls are at least as strong as those of your peers and competitors, if not stronger. Attackers look for the weakest target. It is important to ensure you have technology in place to detect vulnerabilities and potential threats and contextualize them to your unique environment to protect your organization from being identified as particularly susceptible to breaches.
  • Understand how critical infrastructure cyberrisks evolve over time, driven by internal or external factors. Malicious actors are constantly adapting their methods to attack critical infrastructure, and the cyberrisk landscape is constantly changing. Organizations should stay tuned in to the market so they are aware of what is going on in the industry and how to adapt and improve their security posture. Aim to stay one step ahead and ensure that your technology is working proactively rather than reactively.
  • Apply the correct technology and tools for the job. Do not rely on simplistic spreadsheets, maturity assessments, heat maps or risk scores to assess cyberrisk; the underlying risk is just too complex for many traditional, more manual approaches. Newer technology options, including second-generation cyber risk quantification management (CRQM) tools, can provide deep and thorough analysis of the impact of potential threats and the main drivers of risk to help companies better defend against malicious actors.

By strengthening cybersecurity infrastructure and utilizing appropriate technology to accurately identify and address elements that contribute to any increased cyber vulnerability, organizations can prevent catastrophic attacks and secure their operations and assets against harmful interference.

Jose Seara is CEO and founder of DeNexus.