Earlier this month, the U.S. experienced it first major shutdown of critical infrastructure due to a cyberattack in the nation’s history. When adversaries targeted Colonial Pipeline with a disruptive ransomware attack, critical infrastructure security immediately became a mainstream concern, because the attack is unprecedented in terms of its impact. Millions of people were affected as the East Coast’s largest gasoline, diesel, and natural gas distributor suspended oil and gas delivery. What’s more, the aftermath has lingered as rising gasoline and home heating oil prices put further stress on the sector and on individuals’ wallets and plans.
For years now, the government has been warning openly and clearly of targeted attacks against government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. Last July, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert in response to a growing number of attacks targeting industrial networks. The alert included broad warnings of an imminent and serious threat across all 16 critical infrastructure sectors and lengthy, detailed sets of recommendations for how to protect operational technology (OT) environments.
[ Learn more about industrial cybersecurity at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series ]
More recently, at the end of April, the NSA issued a second cybersecurity advisory on the waste three quickly reduce critical infrastructure environments
