Digital threats confronting Critical National Infrastructure (CNI) are on the rise. That’s because attackers are increasingly going after the Operational Technology (OT) and Industrial Control Systems (ICS) that shareholders use to protect these assets. In their report “Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat?,” for instance, Siemens and the Ponemon Institute found that 64% of respondents considered sophisticated attacks against the utilities sector a top challenge. Slightly less than that (54%) said that they expected an attack on CNI would occur in the next year.

Malicious actors have not disappointed. In February 2020, FireEye revealed that it had witnessed a “significant increase” in publicly disclosed instances of ransomware having affected industrial production and critical infrastructure organizations. It was around that same time when IBM X-Force disclosed that the number of incidents in which threat actors attempted to target organizations’ ICS and OT assets had increased by over 2,000 percent between 2018 and 2019. Just a few months later, NETSCOUT clocked 1,780 distributed denial-of-service (DDoS) attacks against utilities worldwide between June 15, 2020 and August 21, 2020, reported Morning Consult. That’s a 595% increase compared to the same period in 2019.

Clearly, organizations that help to maintain CNI don’t have sufficient cyber resilience. Greenborne Networks found that out in a 2020 study on the levels of cyber resilience within critical infrastructure organizations. According to Help Net Security, just 36% of the 370 participating entities said that they had achieved a high level of cyber resilience.

These findings raise an important question: what makes securing CNI so difficult?

In this post, we’ll discuss four security challenges that stand in the way of hardening CNI against digital threats. We’ll also explain how Tripwire’s solutions can help to overcome these obstacles.

1)   Internal Resources

The security (Read more...)