Blog | Apr 19, 2022 10:13:54 AM
Let’s face it... for most people in the world, the underlying critical infrastructure - the heartbeat of
civilization – is a surreptitious convenience. When the Colonial Pipeline was taken offline, social-media
outcry was focused on long lines at the gas pump and how days were being ruined from the wait. Not
conveyed is the amount of work behind the scenes to protect these everyday conveniences.
In the recent months, global events in Eastern Europe cast light on just how sensitive our energy
infrastructure is to cyber-attacks. Spreading across Energy, Water/Wastewater Systems, Chemical, and
Transportation, U.S. Infrastructure remains in the global crosshairs of organizations looking to profit
from vulnerabilities. Recently, the Cybersecurity & Infrastructure Security Agency (CISA) released
updates to the Pipeline Cybersecurity Initiative, to help identify and address cybersecurity risks to
enhance the security and resiliency of the Nation’s pipeline infrastructure. In part, this initiative provides
a platform to share information and develop plans for risk mitigation strategies. It also provides
recommendations based on assessment findings to help the private sector protect operational
infrastructure from attacks.
At the top of these recommendations is a Validated Architecture Design Review (VADR). VADR is a no cost assessment that evaluates your systems, networks, and security services to determine if they are
designed, built, and operated in a reliable and resilient manner.
The most common vulnerabilities we see include:
• Limited centralized logging
• Information systems living on the same network as production systems
• Remote assets connected through cellular modems, radios, or gateways – all carrying static IP’s
open to attacks
• SCADA or Data Analytics platforms connected through IPSEC tunnels and basic IT networking
By connecting operational technology with the same tools and in the same location as your IT networks,
you are putting critical infrastructure at risk. Gartner predicts that 30% of large organizations will have publicly shared ESG goals focused on cybersecurity by 2026, up from less than 2% in 2021. Just one
attack will impact your ESG rating and jeopardize the future success of your organization.
As you continue to adopt Industry4.0 into your business, a cybersecurity-first approach must be taken. The following practices are essential to keep your infrastructure secure and your name out of the
• Segmenting IT/OT networks
• Requiring Physical First Multi-Factor Authentication
• Internet invisible networks - Eliminate static IP’s and 3rd party cloud-routing
• 256-bit AES Encryption
• Routine log collection and analysis
In the time it took for you to read this post, more than 10 cyber-attacks impacted companies across the
United States. While most of these still reside on the IT side, the demand for connected ICS environments is driving these nefarious cyber actors to shift their focus. It is on you to stay ahead of the curve and our team is here to educate you how. Use the contact us link below to learn more.
Blog post is written by Eric Cohen - OT Network professional having talks about Industry 4.0, Smarter buildings, Smarter cities, Cybersecurity, and Digital transformation.