According to Gartner, 30 per cent of critical infrastructure organisations will experience a security breach, which will result in the halting of operations, or mission-critical cyber-physical systems.
Critical infrastructure security has become a primary concern for governments worldwide. The US, UK, EU, Canada, and Australia identify “critical infrastructure” sectors, such as communications, transport, energy, water, healthcare, and public facilities. In some countries, critical infrastructure is state-owned, while in others, like the US, private industry owns and operates a much more significant portion of it.
“Governments in many countries now realise their critical national infrastructure has been an undeclared battlefield for decades,” said Ruggero Contu, research director at Gartner. “They are now making moves to mandate more security controls for the systems that underpin these assets.”
A Gartner survey showed that 38 per cent of respondents expected to increase spending on operational technology (OT) security by between 5 per cent and 10 per cent in 2021, with another 8 per cent of respondents predicting an increase of above 10 per cent.
However, this may not be enough to counter underinvestment in this area over many years, according to Gartner.
“Besides the need to catch up, there is a growing number of increasingly sophisticated threats,” Contu said. “Owners and operators of critical infrastructure are also struggling to prepare for the coming increased oversight.”
Increased risk needs a holistic security approach
Over time, the technologies that underpin critical infrastructure have become more digitised and connected – either to enterprise IT systems and/or to each other – creating cyber-physical systems security risks. The result has been a substantial increase in the attack surface for hackers and bad actors of all kinds.
In critical infrastructure sectors, organisations need to be more concerned about real-world hazards to humans and the environment rather than information theft. Gartner predicts that by 2025, attackers will have weaponised a critical infrastructure cyber-physical system to harm or kill humans successfully.
Gartner recommends that security and risk management (SRM) leaders in critical infrastructure sectors develop a holistic approach to security so that IT, OT and Internet of Things (IoT) security are managed in a coordinated effort.
“SRM leaders should accelerate efforts to discover, map and assess the security posture of all cyber-physical systems in their environment,” said Contu. “Invest in threat intelligence and join industry groups to stay apprised of security best practices, upcoming mandates and requests for inputs from government entities.”
If you liked reading this, you might like our other stories
Can Edge AI Power Modern Data Analytics?
Competition Boosts Innovation, And The Cycle Continues