Critical Infrastructure Cybersecurity Trends to Watch in 2022

image credit: © Ratz Attila |
Dennis Lanahan's picture
Vice President for Commercial Markets Owl Cyber Defense

Dennis Lanahan is a cybersecurity veteran with deep expertise in operational technology who serves as Vice President for Commercial Markets at Owl Cyber Defense. As a trusted advisor to operators...

  • Member since 2022
  • 1 items added with 2,286 views
  • Jan 27, 2022

This item is part of the Power Industry 2022 Trends & Predictions - January 2022 SPECIAL ISSUE, click here for more

2021 was an interesting year for critical infrastructure cybersecurity, and not in a good way. 

Along with the headlines we expect to see every year–ransomware attacks, newly discovered software vulnerabilities–last year gave us an unprecedented look at the real-world consequences that can follow from an attack against critical systems. Within a few weeks in May alone, we saw gas shortages caused by the Colonial Pipeline shutdown, followed by an attempt to poison the Oldsmar, Florida water supply via remote access. And the discovery of the Log4j remote code execution vulnerability in December has opened up a new world of threats that may take years to resolve.

Fortunately, the power industry was not involved in any of the year’s top cybersecurity stories, probably because it has historically led the way in developing and implementing security strategies for operational technology. But there can be no doubt that threat actors continue to seek new ways to attack and disrupt the electrical grid.

In 2022, the power industry and other critical infrastructure sectors will need to further strengthen their cyber defenses, while simultaneously taking advantage of cloud services and other technology to improve their efficiency and resilience. Here’s what to expect.

Continued Log4j Fallout

The Log4j remote code execution vulnerability will remain a primary focus for security teams in every sector of critical infrastructure. With hundreds of millions of devices potentially affected, it will be years before every vulnerable machine has been identified and remediated. 

In the meantime, network segmentation will be the single most important factor in protecting vulnerable systems from malicious outsiders. If industrial devices are isolated in secure networks that threat actors cannot see and cannot access, the chances of a catastrophic attack are dramatically lower. 

Secure Cloud Connectivity to Monitor Asset Performance

Given the increase of cloud connectivity and utilization, isolated OT environments are no longer a viable option for most critical infrastructure operators. When data is trapped inside facilities and cannot be accessed except by direct physical access, operators lose visibility into organization-wide device status and performance.

To maximize efficiency and plan maintenance, organizations need the ability to send data from secure OT networks to cloud-based analytics platforms. Doing this securely is the challenge, given Log4j and hundreds of other potential threats. Cybersecurity solutions are required to bridge the airgap, ensure full cybersecurity for the OT environment, and allow the flow of the required OT data for the use by the enterprise.

Look for the continued adoption of hardware-enforced one-way data transfer solutions, which allow data to travel out of a secure network while blocking all traffic from outside.

Asset Health

OT-to-cloud connectivity has other benefits as well, including helping organizations improve their security posture. By sending network data out of OT facilities (again, using secure transfer methods) to cloud-based security information and event management (SIEM) platforms, critical infrastructure operators can identify and remediate threats that might otherwise have gone unnoticed.

Cloud-based threat hunting and asset health has rapidly gained adoption in recent years, and should become even more widely used as organizations seek ways to minimize the impact of zero-day vulnerabilities and other cyber threats.

2022 is sure to have plenty of surprises in store. But with continued attention to network segmentation, secure connectivity, and proactive threat detection, the power industry can stay a step ahead of threats to the infrastructure we all depend on.

Paul Korzeniowski's picture
Paul Korzeniowski on Feb 21, 2022

Good points. The Internet offers utilities many benefits but as soon as you start to open up your networks, the possibility of an outsider breaking in increases. As a result, utilities need to make sure that they have enough checks in place to keep the bad guys out. 

Dennis Lanahan's picture
Thank Dennis for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »