
Special Report – Critical Infrastructure

Cyber-physical security in an interconnected world

Together, cyber and physical assets represent a significant amount of risk to physical security and cybersecurity — each can be targeted, separately or simultaneously, to result in compromised systems and infrastructure.

By David Mussington
October 6, 2021

In May 2021, America’s energy jugular was threatened by a remote group of malicious cyber actors called DarkSide. They unleashed a ransomware attack on one of the largest energy firms in the world and caused chaos across half of the United States. The ransomware attack stopped gas deliveries on the East Coast, causing shortages at the pump and a price spike on gasoline, and forced the company to pay millions of dollars in ransom to get its networks released.

The ransomware attack was the latest example of the potential danger that can be caused by the convergence of cybersecurity and physical security. Industry adoption and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices into their networks have led to an interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once-clear and separate functions of cybersecurity and physical security.

Meanwhile, efforts to build cyber resilience and accelerate the adoption of advanced technologies can also introduce or exacerbate security risks in this evolving threat landscape.

A successful cyber or physical attack on connected industrial control systems (ICS) and networks can disrupt operations or even deny critical services to society. For example:

  • A security gap in access controls, such as unauthorized access to facilities or system permissions, can allow an individual to use a universal serial bus (USB) device or other removable hardware to introduce a virus or malware into a network.
  • Heating, ventilation and air conditioning (HVAC) systems can be virtually overridden, causing a rise in temperature that renders network servers inoperable.
  • A cyberattack on telecommunications can impair communication with law enforcement and emergency services, resulting in delayed response times.
  • An unmanned aircraft system (UAS) can compromise sensitive information by gaining access to an unsecured network using wireless hacking technology.
  • A cyberattack exploiting healthcare vulnerabilities can compromise sensitive data or cause a connected medical device to malfunction, resulting in injury or loss of life.

Over the past several years, the nature of this threat has evolved and is now more complicated and asymmetric. Infrastructure — the systems that enable our way of life, such as water, transportation and electricity — continues to be a frequent target of interest for a diverse group of malicious actors — nation-states like Russia, China, Iran and North Korea, as well as cybercriminals, terrorist groups, and others — who can initiate attacks from anywhere in the world.

We have seen this evolving threat environment firsthand, as it has been quite a year for cybersecurity. First, we witnessed cybercriminals seize on the pandemic as an opportunity to deliver malicious software, steal data, disrupt organization operations, and target vaccine developers and supply chains.

As many countries enforced social distancing and shifted to remote work, the attack surface expanded, forcing companies across the globe to rethink their business strategies and kick-starting an accelerated digital transformation for many organizations.

In the U.S., we worked across all levels of government and industry in a whole-of-nation effort to successfully protect the 2020 U.S. Presidential election — and the lessons learned continue to drive improvements in information sharing, communication and incident response within our country as well as with our democratic partners.

In December, we were alerted to a cyber espionage campaign that had likely been ongoing since September 2019 — commonly referred to as the SolarWinds cyber incident. The U.S. government formally attributed this cyber supply chain compromise to Russian Foreign Intelligence Service actors. This compromise has targeted not only U.S. government networks, but also industry networks.

In March, we were alerted to another widespread exploitation. This time cyber actors targeted one of the most widely used business applications — Microsoft Exchange Server. A month later, we were alerted to another exploitation, this time of Pulse Connect Secure products. It goes back to the consequences of the COVID-19 pandemic and the growth in the use of virtual private networks, which enable our remote work and education and continue to be on the list for malicious cyber actors to exploit.

And just in the last few months, Americans experienced the real-world consequences of the ransomware epidemic as malicious cyber actors targeted a fuel pipeline, taking down part of our infrastructure on a regional level, as well as a meat production plant, causing a shortage in our food supply chain.


Ransomware

Ransomware is an important threat to take into account because these types of attacks are hitting entities across the globe. Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services.

Ransomware is an epidemic affecting cities, hospitals, schools, manufacturing and other critical infrastructure targets.   

Malicious cyber actors are going after these victims because they have both the means and, most importantly, the incentive to pay. Distinct threat actor groups that engage in ransomware attacks appear to be collaborating more closely with their peers in the criminal underground, behaving more like cybercrime cartels than independent groups. Ransomware attacks that previously took weeks or days now only require hours to complete.

While these threats are undoubtedly significant, looking ahead, we believe that, through collective defense and resilience, we can dramatically decrease the number and impact of ransomware attacks.  


What can we do?

Given this rising threat, the U.S. government is looking to better coordinate protection efforts that anticipate and counter criminal groups’ tactics, techniques and procedures, to help prevent ransomware attacks from reaching their intended targets. This will ensure our nation and the global community address criminal campaigns as a whole, rather than individual incidents.

This effort is being led from the White House. In response to recent attacks, Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, released a memo on June 2, directed towards corporate executives and business leaders, urging that those in positions of authority take seriously and act decisively in their efforts to protect against ransomware.  

At CISA, we are supporting these efforts by focusing on hardening targets, making our systems more secure and resilient, and more difficult for cyber actors to penetrate.

CISA’s counter-ransomware initiatives, like most of our work, are designed to defend today and secure tomorrow. That means working collaboratively with our partners across government, industry and the international community to enhance the security of infrastructure against today’s threats and shape the strategic environment over the long term.

We are doing so in a number of ways:

  • We share alerts on new ransomware campaigns, as we did late last year when we had credible information on a threat to hospitals, which would have had devastating consequences during the COVID-19 pandemic.
  • We also provide best practices on how to prepare for and respond to ransomware incidents. I encourage you to utilize CISA’s resources to reduce your organization’s risk from ransomware. These resources can be found on CISA.gov/ransomware.
  • Beyond sharing alerts and best practices, we are raising awareness of the threat through our recently launched outreach campaign, which shares practices that everyone can follow to reduce their risk of ransomware.

For critical infrastructure owners and operators, CISA has the following recommendations:

Develop an incident response plan: It is imperative that you develop a scenario-based incident response plan that includes clear leads and backups for all the potential incident response roles from the executives, to the incident commander, to legal counsel and public affairs.  

Back up systems: Backing up all critical information to the cloud or offline and testing your ability to revert to these backups is also a practice that organizations must routinely adopt. Doing so will help mitigate consequences in the event that an attack does occur.   

Isolate systems: If the bad guys get in, make it hard for them to get data out. For example, immediately isolate the infected systems and review the connections of any business relationships, including any customers, partners or vendors that touch your network, to prevent the further spread of the attack.  

Report an incident: If you fall victim to a cyberattack, we encourage you to reach out to us. Upon request, CISA also regularly deploys expert teams to help entities mitigate and recover from cyber incidents, and we stand ready to provide our services to any organization that has experienced a cyberattack.

The U.S. government highly recommends that ransoms not be paid, primarily because you would be paying a criminal who may or may not return your data, and because payment would also encourage cybercriminals to attack more victims. Over the longer term, we want to see what more we can do to evolve our collective capabilities to block emerging types of ransomware and foster the market for scalable protective innovations.

None of this is easy, and unfortunately, if the business model remains viable, we are unlikely to see a significant reduction in the activity from the ransomware actors. Until then, we need to do everything we can to reduce the likelihood that they are successful.


Convergence to Improve Security

Together, cyber and physical assets represent a significant amount of risk to physical security and cybersecurity — each can be targeted, separately or simultaneously, to result in compromised systems and/or infrastructure. Yet, physical security and cybersecurity divisions are often still treated as separate entities. When security leaders operate in these silos, they lack a holistic view of security threats targeting their enterprise. As a result, attacks are more likely to occur and can lead to impacts such as exposure of sensitive or proprietary information, economic damage, loss of life and disruption of national critical functions (NCFs).

NCFs are functions of government and the private sector so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. These functions are connection, distribution, management and supply. As the U.S. becomes more dependent on cyber and physical infrastructure, the opportunities and threats both converge.

Convergence is a formal collaboration between previously disjointed security functions. Organizations with converged cybersecurity and physical security functions are more resilient and better prepared to identify, prevent, mitigate and respond to threats. Convergence also encourages information sharing and developing unified security policies across security divisions.

A culture of inclusivity is vital to successfully converging security functions and fostering communication, coordination and collaboration. Organizations of all sizes can pursue convergence by developing an approach that is tailored to the organization’s unique structure, priorities and capability level.


CISA’s Role

CISA is ready to provide resources to individuals and organizations that request assistance. On CISA.gov, there is a plethora of information regarding cyber safety, cyber hygiene and the detection and prevention of cyberattacks. This information can make the difference between being protected or being vulnerable.

Additionally, CISA offers comprehensive training for industrial control systems, continuous diagnostics and mitigation and incident response training, among others. Registering for training in person or virtually is easy, and all CISA services are provided free of charge.


Looking Forward

As we look ahead, we know that our adversaries will continue to try and exploit vulnerabilities, utilize ransomware as a threat tactic and target critical infrastructure. That being said, it is imperative that we come together and renew our efforts to encourage responsible behavior and oppose those who would seek to disrupt our security.

The U.S. government is committed to collaborating with our partners in the private sector to strengthen the security of our global digital infrastructure.

Cybersecurity is the new battlefield, and only by reaching across traditional boundaries and continuing to adapt to meet new challenges will we be able to develop a common strategy and unify our collective defense.




Recognizing 2021’s National Critical Infrastructure Security and Resilience Month, Security magazine had the honor of working with security leaders within the public and private sectors to bring you October’s Special Report — comprised of five different features to be used as best practices and resources to assist critical infrastructure organizations in bolstering their security postures to prevent and reduce the risks of disruptions.

  • A resilience framework for the future
  • Protecting the energy grid is a team sport

Dr. David Mussington serves as the Executive Assistant Director (EAD) for the Infrastructure Security Division (ISD) at the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). As EAD, he helps lead CISA’s efforts to secure the nation’s critical infrastructure in coordination with government and the private sector. His priorities for ISD include vulnerability and risk assessments; securing soft targets and crowded places; training and exercises; and securing high-risk chemical facilities. Prior to joining CISA, Dr. Mussington was Professor of the Practice and Director for the Center for Public Policy and Private Enterprise at the School of Public Policy for the University of Maryland.
