
Critical Infrastructure Under Persistent Threat

By Andrea Carcano
December 6, 2018

The cyber threats facing Industrial Control Systems (ICS) include nation-state attacks, hacktivists, criminals and even trusted insiders. The frequency and ferocity of attacks are growing and continue to pose a major challenge to those ICS practitioners and cybersecurity teams tasked with protecting our critical national infrastructure (CNI).

The impact of potential threats to these systems relates to physical processes and can result in downtime of systems causing power, electricity or water outages. Any downtime can affect a plant’s ability to operate, its productivity and availability. For this reason, organizations that support critical infrastructure need to ensure the safety of workers and account for environmental impact and other aspects of operations.

To do that, industrial control system operators need to stay up-to-date with both cybersecurity challenges and the methods available to monitor and mitigate threats.

 

The Challenge of Securing CNI Systems

Industrial control systems are critically important for facilitating essential services – such as transportation, manufacturing and delivering essential services to our homes and businesses. This includes electricity and oil and gas, all of which are supporting instruments of national security and economic activity. This has not gone unnoticed by nefarious individuals who could target these systems to threaten national security and create economic instability on a global scale.

Traditionally built in a pre-internet era, these legacy systems are unrecognizable today.

For example, while initially designed to be contained within a physical perimeter, increased connectivity has seen these air-gapped industrial control systems connected to IT systems that can not only monitor, but also control, processes remotely. This increased connectivity and convergence delivers some great advantages, including cost savings, health benefits for workers, and even interoperability. The flip side is that these systems are now connected to the Web, which makes them more easily discoverable to anyone looking. This has led to new pathways and mechanisms to manipulate automated physical systems, including critical infrastructure. Because these systems were often designed without security, which is only now being added, they can be left vulnerable to cyber risks.

The combination of both criticality and vulnerability exposes CNI operations as targets for threat actors – whether they are geo-politically motivated, economically motivated, maliciously motivated or a combination of all of the above.

 

CNI Designed Attacks

In the last few years CNI systems have experienced an increase in nation-state threats and cyberattacks, accented by high profile cases like the 2015 and 2016 attacks on the Ukrainian power grid, DragonFly and Stuxnet.

However, it’s not just malicious individuals that cause outages. The reality is that many cyber threats can result from weak passwords or even open ports. Whether caused intentionally or as the result of unintentional mistakes, all can negatively impact productivity.

We are at a fulcrum point where many have realized that innovation in connectivity has outpaced the cybersecurity measures needed to protect critical operational systems from escalating threats. That must change.

 

Change in Attack Focus

Conventionally, massive cyberattacks have targeted consumer and enterprise data theft, with targets being banks, credit agencies and retailers. In these types of attacks, data acquisition and financial gain were the objectives, but this is changing.

Today cyberattacks will increasingly target industrial networks, such as power and distribution systems, transportation systems, manufacturing facilities and other critical infrastructure. In these scenarios, the objective isn’t data theft alone; rather, disruption is the end goal. To do this, black hat activists or state-sponsored hackers must engage in OT data reconnaissance to obtain sufficient engineering knowledge of an ICS target, then engage a tailored attack that manipulates or disrupts a physical system.

 

Best Practices

To ensure operational resilience in the face of targeted attacks on ICS and CNIs, operators should be investing in the latest innovation to combat ICS cyber risks. In addition to cybersecurity strategies that place an emphasis entirely on protection methods, such as firewalls, SNMP network management tools, SIEMs etc., the ICS community must accept that some attacks will penetrate their defenses and ensure that they have the ability to rapidly identify and respond to cybersecurity incidents early in their intrusion/attack cycles.

New innovations in the area of ICS monitoring and detection can alert operators to both process anomalies and cyber incidents in real-time, thus triggering rapid response and ensuring operational resilience.

Cybersecurity awareness training is also essential for personnel so that they can minimise the risks of accidentally opening the door to cyberattacks. Also, it is important to recognise that employees can inadvertently be the weakest link in a cybersecurity program, therefore organisations should use real-time monitoring technologies that can identify anomalous activities, regardless of the cause.

By monitoring for unusual behavior, CNIs can create an early-warning system that enables them to avert or minimise risks to safety and smooth operations. IT and security teams also need to improve their security posture by extending beyond protective cybersecurity measures, for example by selecting technologies that provide advanced forms of both ICS threat and anomaly detection, asset discovery and rich network visualisation. This will be extremely helpful in not only identifying threats but also being able to respond to them quickly before they cause damage.

Cybersecurity experts recommend that industrial companies with operations at risk look to proven technologies that leverage artificial intelligence and machine learning to continuously monitor industrial control system networks for anomalies, in order to detect and mitigate possible attacks that could cause harm to the industrial control systems. These technologies meet the unique needs of securing industrial networks and processes, integrate with IT security infrastructure to give IT organizations visibility into their ICS and help reduce the cybersecurity skills gap.

 

Look to the Future

One of the challenges companies will continue to face in the future is the result of technological progress that has come with the Industry 4.0 / IoT trends of the last five years. The increased connectivity of non-consumer devices has filtered down to mission critical networks and industrial control systems like DCS, MES and SCADA. As these industrial applications grow more intelligent, so does their exposure to cyber-borne threats, whether they are internal or external.

With technological advances, such as machine learning and Artificial Intelligence, it’s now possible to model and monitor large, complex industrial control networks and critical physical processes. Normal baselines can be established for network communication and process behavior so that deviations and anomalies are instantly detected and operators are alerted.
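The baselining idea described above, as an added example that is not part of the original article or any vendor's product: it learns an allow-set of observed communication flows and a value range per process variable, then reports deviations. It uses a simple learned set and range rather than the machine learning models the article mentions, and every host name, tag and reading is a constructed assumption.

```python
# Constructed sample data (hypothetical hosts and tags, not from the article):
# flow records are (source, destination, protocol, function).
TRAINING_FLOWS = [
    ("hmi-1", "plc-1", "modbus", "read_holding_registers"),
    ("hmi-1", "plc-2", "modbus", "read_holding_registers"),
    ("eng-ws", "plc-1", "modbus", "write_single_register"),
]
TRAINING_READINGS = [("tank_level", v) for v in (41.0, 43.5, 45.2, 44.1, 42.8)]


class Baseline:
    """Learned 'normal' for network communication and process behavior."""

    def __init__(self, margin=0.10):
        self.flows = set()    # every flow tuple seen during learning
        self.ranges = {}      # tag -> (lowest, highest) value seen
        self.margin = margin  # tolerated overshoot, as a fraction of the range

    def learn(self, flows, readings):
        self.flows.update(flows)
        for tag, value in readings:
            lo, hi = self.ranges.get(tag, (value, value))
            self.ranges[tag] = (min(lo, value), max(hi, value))

    def check_flow(self, flow):
        """Return None for a known flow, otherwise an alert string."""
        if flow in self.flows:
            return None
        src, dst, proto, func = flow
        known_link = any(f[0] == src and f[1] == dst for f in self.flows)
        reason = "new function on known link" if known_link else "new communication link"
        return f"{reason}: {src} -> {dst} {proto}/{func}"

    def check_reading(self, tag, value):
        """Return None if the value is within the learned range plus margin."""
        if tag not in self.ranges:
            return f"unknown process variable: {tag}"
        lo, hi = self.ranges[tag]
        slack = (hi - lo) * self.margin
        if lo - slack <= value <= hi + slack:
            return None
        return f"{tag}={value} outside learned range [{lo}, {hi}]"


def build_baseline():
    baseline = Baseline()
    baseline.learn(TRAINING_FLOWS, TRAINING_READINGS)
    return baseline
```

A write command from a host that only ever issued reads is reported even though the link itself is known, which is the kind of deviation a port-based firewall rule would not surface.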

Real-time operational visibility provides immediate insights for faster troubleshooting and remediation of cybersecurity and process issues. That makes it easier for engineers and plant operators to identify affected devices and apply compensating controls before operational systems are impacted.

Attackers will continue to improve and advance their attack methods and strategies to evade detection and gain control over targets. Attempts on ICS targets will grow in number as well. This is a certainty. Black hat versus white hat cyberwarfare has always been fought using tools of innovation. However, today the battlefield has migrated from the desktop or server room to the plant floor, oil field and power grid. With economic instability and even threats to physical safety at stake, failure is not an option.

KEYWORDS: critical infrastructure cybersecurity cyberattack data breach Industrial Control Systems nation-state attack security technology Terrorism


Andrea Carcano, co-founder and Chief Product Officer at Nozomi Networks, is an expert in industrial network security, artificial intelligence and machine learning, and has published a number of academic papers on the subject. His passion for cybersecurity and solving the unique challenges around ICS became the focus of his PhD in Computer Science from the Università degli Studi dell'Insubria. Carcano worked on the European Commission Power Plant Security Program, was a Senior Security Engineer for global oil and gas supermajor Eni, and most recently (through his work at Nozomi Networks) developed software that detects intrusions to critical infrastructure control systems. In his current role at Nozomi Networks, Carcano is helping build a new generation of ICS Security products.
