Rapid technological change, accelerated by the pandemic and now ingrained in our daily lives, has led us to become increasingly dependent on connected devices within critical infrastructures, as exhibited by the proliferation of smart meters, sensors, industrial controllers, and other “smart” products. As utilities, governments, and other critical infrastructure operators embrace the efficiencies of an expanded IoT and add ever more connected devices to their networks, they simultaneously increase the potential points of attack surface for malicious cyberthreats. This creates risk, and recent attacks on SolarWinds, the Oldsmar, Florida water treatment plant, and SITA, have proven that bad actors are only growing bolder and more sophisticated with their attempts at intrusion and manipulation of critical infrastructures functionality.
Critical infrastructures must balance the utility of expanding their network of connected devices with the threats posed by bad actors. Managing the risk emerging from these threats will require an understanding of the specific style of threats posed, as well as how to counter them.