Safeguarding Critical Infrastructure from Cyber Threats
Critical infrastructure security has become a paramount concern for businesses and governments. From power grids and water treatment plants to transportation systems and financial institutions, the smooth operation of physical and financial infrastructure is essential to society and the economy. With the rise of cyber threats that target infrastructure, protecting these systems from malicious actors is a growing challenge. With the recent collapse of the Key Bridge in Baltimore, there were initial fears that the damage could have been caused by a cyber-attack on the systems of the container ship that lost power and hit the bridge supports. At this point, the incident appears to be a tragic accident. Still, the specter of deliberate sabotage is a growing concern, and there are an increasing number of reported attacks on critical infrastructure.
Taking Measure of State-Sponsored Cyber Threats
All sectors of critical infrastructure face cybersecurity threats, but some are more vulnerable than others. Energy, transportation, and healthcare are particularly exposed due to reliance on interconnected networks. An attack on energy infrastructure could disrupt power grids, leading to widespread blackouts and economic disruptions. Attacks on transportation systems (such as the ongoing Houthi attacks on cargo ships) disrupt cargo shipments and can have a costly impact on the global supply chain.
There is increasing awareness of the potential damage from state-sponsored cyber attacks. In 2013, Iranian hackers infiltrated the control systems of the Bowman Avenue Dam in New York and nearly flooded a small town. The 2015 cyber attack on Ukraine's power grid by Russian hackers resulted in widespread power outages affecting hundreds of thousands of people. In 2017, the Wolf Creek nuclear power plant in Kansas was hacked. The most famous example of deliberate cyber industrial sabotage was the Stuxnet worm, discovered in 2010, which targeted Iran's nuclear facilities and exploited vulnerabilities in industrial control systems to sabotage centrifuges used in uranium enrichment, causing significant damage to Iran's nuclear program.
A Broad Range of Cyber Threats
There are multiple ways that malicious actors can attack critical infrastructure. Some of the attacks include:
- Ransomware Attacks: These attacks involve disabling systems or encrypting essential data, demanding a ransom to call off the attack. According to the FBI, there were 1,193 reported ransomware attacks against critical infrastructure organizations in 2023.
- Distributed Denial of Service (DDoS) Attacks: DDoS attacks overwhelm a system or network with a flood of traffic, rendering it inaccessible to legitimate users. Earlier this year a number of Swiss websites were targeted by Russian hackers to coincide with the visit of Ukraine's President Zelensky to the World Economic Forum in Davos.
- Cyber-Physical Attacks: These attacks leverage cyber intrusions to compromise operational systems, which could lead to significant physical damage or disruptions with potentially catastrophic consequences. Stuxnet is just one example of this type of attack.
- Supply Chain Attacks: Attacks against vendors or suppliers can compromise the security of critical infrastructure providers. The 2020 Global Supply Chain Cyberattack is believed to have resulted from a supply chain attack targeting software from SolarWinds, which had many federal institutions as clients.
Securing Operational Technology
A key challenge in securing critical infrastructure lies in the interconnection between IT (information technology) and OT (operational technology. OT systems control physical infrastructure (such as industrial control systems and supervisory control and data acquisition (SCADA) systems). They can operate in difficult environments and with requirements for reliability and resilience distinct from traditional IT systems. Securing OT systems presents several challenges, that include:
- Legacy Systems: Many OT systems were designed and implemented decades ago. These systems may lack modern security features, and upgrades can be difficult, costly, and disruptive, making them attractive targets for attackers.
- Complexity: Operational Technology systems can be complex and heterogeneous, interconnected systems from multiple vendors. Managing and securing diverse systems with different security protocols and standards can be challenging.
- Operational Impact: Because OT systems are typically operational 24/7, it can be challenging to implement security measures while avoiding disruption to critical operations.
Regulatory Responses and Mandating Cyber Policies
Regulators are addressing the challenges of securing critical infrastructure. In the U.S., NIST (National Institute of Standards and Technology) recently released Cybersecurity Framework 2.0, which provides guidelines for organizations of all sizes (with new features that highlight the importance of governance and supply chains.) The North American Electric Reliability Corporation instituted Critical Infrastructure Protection requirements for electric utilities to safeguard against cyber attacks. The European Union's Network and Information Security Directive requires critical infrastructure providers to implement appropriate security measures and report cyber incidents.
Successfully securing critical infrastructure against cyber threats requires collaboration between government agencies, industry stakeholders, and cybersecurity experts. This involves addressing the challenges of securing OT systems, understanding vulnerabilities and threats, and implementing regulatory requirements. At Momenta, we believe in the opportunities in the industrial cybersecurity market, which is forecast to reach $20.5bn by 2030.
One of the notable Momenta portfolio companies is Xage Security, which focuses on solutions that protect against evolving cyberattacks on critical infrastructure and operational technology. The company's platform helps control user-to-machine, machine-to-machine, and every transmission of data within and outside of the organization.
Momenta is the leading Industrial Impact venture capital firm, accelerating digital innovators across energy, manufacturing, smart spaces, and supply chain. Our team of deep industry operators has helped scale industry leaders and innovators to improve critical industries, the environment, and people's quality of life for over a decade.
Share it
