2021 was the year that marked a major cyber-attack against a critical national infrastructure organization whose impact was felt by millions of Americans on the East Coast. However, the attack against the Colonial Pipeline Company was not the only incident that affected the Operational Technology (OT) systems of a critical sector for the U.S. national economy. In response to a growing number of attacks, President Biden signed an Executive Order in May 2021 with the aim of strengthening the cybersecurity of the U.S. government and critical infrastructure.

The same level of concern is also shared across many developed countries in the world. The digitization of critical OT systems and the connection of previously isolated Industrial Control Systems (ICS) to the internet has brought endless possibilities as well as risks. Because of the IT-OT convergence, threats that originate in the IT environment are extending into the OT domain, harming the safety and reliability of critical processes. Since these OT processes affect the physical world, such disruptions may have ripple effects and may even lead to loss of life.

To better understand the extend of the issue, it would be beneficial to take a tour around the world and read what various state cybersecurity reports say about OT cybersecurity.

Franco-German Common Situational Picture

The French cybersecurity agency (ANSSI) and its German counterpart (BSI) have been issuing for the last years common situational reports to promote threat intelligence sharing. In the third edition of the report in 2020, the two agencies note the following:

The digitalization of production processes underpinning the core activity of an entity, through the connection of operational technology (OT), will carry risks for the near future. Those OT systems have usually a long lifecycle and are expensive. Hence, they are not changed or (Read more...)