By: Carlos Buenano, CTO for OT at Armis

Prior to preparing for the coming year, it’s important to first contextualise the severity of the threats facing the UK’s critical infrastructure. Manufacturing, for example, saw a 37%[1] increase in ransomware attacks in the last 12 months.
Critical infrastructure sectors such as energy, water, transportation, and healthcare are becoming prime targets for cyberattacks, particularly from nation-states and advanced persistent threat (APT) groups. The goal of these attackers is often to create widespread disruptions that destabilise economies or gain political leverage.
Such a steep upturn in critical events has sparked conversation amongst industry leaders and significantly elevated the focus on cybersecurity strategy, provision and resilience. As the new year begins, operators of critical national infrastructure (CNI) must prepare to bolster defences and take steps to enhance the resilience of their mission-critical processes.
Targeted Ransomware in Manufacturing
Ransomware attacks are evolving beyond IT environments and are now specifically targeting OT systems, such as industrial control systems (ICS) in manufacturing plants. These attacks are aimed at halting production lines, leading to prolonged downtimes and severe financial losses. Attackers recognise the high stakes in manufacturing, where even a brief halt can result in millions of pounds in losses, making these companies more likely to pay the ransom quickly.
Zero Trust Expansion in OT Systems
As OT systems become more connected and integrated with IT networks, the risk of lateral movement from IT into OT environments increases. The adoption of Zero Trust architectures in OT is growing as a way to mitigate these risks. Zero Trust assumes no device, user, or connection is trusted by default: every request is authenticated and authorised on its own merits, and sessions are continuously monitored rather than trusted once admitted. In practice, because most controllers cannot perform strong authentication themselves, enforcement sits at the boundary (jump hosts, access brokers and firewalls between zones) and is scoped by who is asking, from what device, for which asset, and for what action. Implemented this way, Zero Trust can significantly reduce unauthorised access and limit the damage caused by compromised credentials or insider threats.
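The following is an added illustration of the default-deny decision described above, not code from the article or from Armis. The Purdue-style zone levels, attribute names and rules are assumptions chosen for the example; a real deployment would pull identity, device posture and asset inventory from its own systems.

```python
"""
Default-deny access decision for requests crossing IT/OT zone boundaries.
Added example; zone model, attributes and rules are assumptions, not a product's policy.
"""
from dataclasses import dataclass

# Assumed Purdue-style zones: lower level = closer to the physical process.
ZONE_LEVEL = {"plc": 1, "hmi": 2, "historian": 3, "it_workstation": 4, "internet": 5}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str             # e.g. "ot_engineer", "it_admin", "vendor"
    mfa: bool             # strong authentication presented for this session
    device_managed: bool  # device enrolled and posture-checked by the organisation
    device_zone: str      # zone the requesting device sits in
    target_zone: str      # zone of the asset being accessed
    action: str           # "read" or "write"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate(req: AccessRequest) -> Decision:
    """Every check must pass; anything unrecognised or unverified is denied."""
    if req.target_zone not in ZONE_LEVEL or req.device_zone not in ZONE_LEVEL:
        return Decision(False, "unknown zone")
    if req.action not in ("read", "write"):
        return Decision(False, "unknown action")
    # Rule 1: network position alone proves nothing; identity is mandatory.
    if not req.mfa:
        return Decision(False, "no strong authentication")
    # Rule 2: only managed, posture-checked devices may reach control zones (level <= 2).
    if ZONE_LEVEL[req.target_zone] <= 2 and not req.device_managed:
        return Decision(False, "unmanaged device cannot reach control zone")
    # Rule 3: requests may only step one level down; IT or internet never reaches a PLC directly.
    hop = ZONE_LEVEL[req.device_zone] - ZONE_LEVEL[req.target_zone]
    if hop > 1:
        return Decision(False, f"cross-zone hop of {hop} levels not permitted")
    # Rule 4: state-changing writes to a controller require the engineering role.
    if req.action == "write" and ZONE_LEVEL[req.target_zone] == 1 and req.role != "ot_engineer":
        return Decision(False, "write to PLC requires ot_engineer role")
    return Decision(True, "all checks passed")


if __name__ == "__main__":
    # Constructed sample requests to show the decisions.
    samples = [
        AccessRequest("alice", "ot_engineer", True, True, "hmi", "plc", "write"),
        AccessRequest("bob", "it_admin", True, True, "it_workstation", "plc", "read"),
        AccessRequest("alice", "ot_engineer", False, True, "hmi", "plc", "read"),
        AccessRequest("carol", "vendor", True, True, "hmi", "plc", "write"),
    ]
    for s in samples:
        d = evaluate(s)
        print(f"{s.user:6} {s.device_zone:>14} -> {s.target_zone:<4} {s.action:5} "
              f"{'ALLOW' if d.allowed else 'DENY '} ({d.reason})")
```

The point of the ordering is that a request from a domain-admin on a corporate workstation is refused before the role is even examined: position in the IT network buys nothing, and the only path to a controller is one zone level at a time through a managed device with strong authentication.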
Legacy OT Systems Vulnerabilities
Many manufacturing and industrial facilities continue to rely on legacy OT systems that were never designed with cybersecurity in mind. These systems often lack encryption, proper authentication mechanisms, and patch management capabilities, making them easy targets for cybercriminals. As replacing these systems can be prohibitively expensive, organisations must find ways to secure them in place. This might include network segmentation, compensating controls around devices that cannot be hardened themselves, and the deployment of security patches whenever feasible. Additionally, real-time monitoring of traffic patterns for unusual activity can help detect breaches in these environments: because legacy control networks are typically static, with the same hosts exchanging the same protocol functions day after day, a new conversation, an unexpected write command, or traffic that crosses a segment boundary is a strong signal in its own right.
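As an added example of that kind of monitoring (not the article's or Armis's code), the block below learns a baseline of Modbus/TCP conversations from a known-good window and then flags deviations in a live window. The subnets, the zone plan and the flow records are constructed for the illustration; the Modbus function codes are the standard ones, and the "write" set is the subset that changes process state.

```python
"""
Baseline-and-deviation monitor for a flat legacy OT network.
Added example; subnets, hosts and flow records are constructed, not captured data.
"""
import ipaddress
from collections import Counter

# Assumed segmentation plan: which subnet belongs to which zone.
ZONES = {
    ipaddress.ip_network("10.10.1.0/24"): "control",      # PLCs
    ipaddress.ip_network("10.10.2.0/24"): "supervisory",  # HMIs, engineering stations
    ipaddress.ip_network("10.20.0.0/16"): "it",           # corporate IT
}

# Modbus function codes that change process state (write coils/registers, read-write).
WRITE_FUNCTIONS = {5, 6, 15, 16, 23}

# Constructed known-good window: an HMI polling a PLC, an engineering station writing set-points.
BASELINE_FLOWS = [
    {"src": "10.10.2.10", "dst": "10.10.1.5", "fc": 3},   # HMI reads holding registers
    {"src": "10.10.2.10", "dst": "10.10.1.5", "fc": 1},   # HMI reads coils
    {"src": "10.10.2.20", "dst": "10.10.1.5", "fc": 16},  # engineering station writes registers
]

# Constructed live window: the same traffic plus three deviations.
LIVE_FLOWS = [
    {"src": "10.10.2.10", "dst": "10.10.1.5", "fc": 3},
    {"src": "10.20.5.7",  "dst": "10.10.1.5", "fc": 3},   # IT host talking straight to a PLC
    {"src": "10.10.2.10", "dst": "10.10.1.5", "fc": 5},   # the HMI starts writing coils
    {"src": "10.10.2.30", "dst": "10.10.1.6", "fc": 3},   # a host never seen before polls a PLC
    {"src": "10.10.2.20", "dst": "10.10.1.5", "fc": 16},
]


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the plan is 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for net, name in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def learn_baseline(flows):
    """Record every (src, dst, function code) conversation seen during the good window."""
    return {(f["src"], f["dst"], f["fc"]) for f in flows}


def detect(flows, baseline):
    """Return (alert_type, flow) pairs; segmentation breaches take precedence over novelty."""
    alerts = []
    for f in flows:
        key = (f["src"], f["dst"], f["fc"])
        src_zone, dst_zone = zone_of(f["src"]), zone_of(f["dst"])
        if src_zone in ("it", "unknown") and dst_zone == "control":
            alerts.append(("segmentation_violation", f))
        elif key not in baseline and f["fc"] in WRITE_FUNCTIONS:
            alerts.append(("unexpected_write", f))
        elif key not in baseline:
            alerts.append(("new_conversation", f))
    return alerts


def summarise(alerts) -> Counter:
    """Count alerts by type, which is what a dashboard or SIEM rule would key on."""
    return Counter(kind for kind, _ in alerts)


if __name__ == "__main__":
    found = detect(LIVE_FLOWS, learn_baseline(BASELINE_FLOWS))
    for kind, flow in found:
        print(f"{kind:23} {flow['src']:>11} -> {flow['dst']:<10} fc={flow['fc']}")
    print(dict(summarise(found)))
```

Three design points carry over to real deployments: the baseline is learned from observed traffic rather than written by hand, because nobody has an accurate inventory of a twenty-year-old line; writes are treated as more serious than reads even when the source is a known host, since a compromised HMI issuing write commands is exactly what a ransomware operator or Stuxnet-style payload does; and the segmentation check fires regardless of baseline membership, so a misconfigured firewall that lets IT reach the control subnet is caught on the first packet.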
AI-Driven Threat Detection and Response
AI-driven cybersecurity solutions are rapidly becoming a cornerstone in OT environments as cyberattacks increase in frequency and complexity. These tools can analyse vast amounts of data in real time, using predictive analytics and anomaly detection to identify threats before they cause significant damage. AI can also improve efficiency and automate incident response processes, allowing systems to react faster than human operators, and even block or contain threats in real time. In OT the automated action itself has to be chosen with care: dropping a session or quarantining a host that is part of a running process can cause the very outage the defender is trying to prevent, so automated response is usually confined to alerting, enrichment, and containment steps that have been agreed with the process engineers in advance. With that caveat, the proactive approach is critical, as traditional, reactive security models struggle to keep up with evolving threats.
Supply Chain Attacks in Manufacturing
Manufacturing supply chains are highly interconnected, with multiple suppliers and third-party vendors contributing to production processes. Attackers are increasingly exploiting these relationships to launch supply chain attacks, targeting weak links to infiltrate OT systems. Once inside, they can cause production delays, manipulate product quality, or steal intellectual property. Protecting against supply chain attacks requires not only securing one’s own systems but also ensuring the security of all partners within the supply chain.
Convergence of IT and OT Cybersecurity
The line between IT and OT networks is becoming increasingly blurred as organisations embrace digital transformation. This convergence creates new vulnerabilities, as a breach in IT can now have direct consequences on OT systems. To address this, organisations are moving toward unified cybersecurity platforms that offer the capability of real-time visibility and protection across both IT and OT environments.
Cyber-Physical Attack Consequences
Attacks on OT systems can result in real-world, physical damage. For example, a cyberattack on a power plant can cause electrical outages, while an attack on a transportation system can lead to accidents or delays. These attacks not only disrupt operations but also endanger public safety. As OT systems control critical physical processes, cybersecurity must be treated as a priority to prevent catastrophic outcomes.
Regulatory Compliance for OT Security
As the threat landscape for OT systems expands, regulatory bodies around the world are introducing stricter compliance requirements for OT cybersecurity. Regulations such as the EU's NIS2 Directive (the revised Network and Information Security Directive) require in-scope operators to implement risk-management measures, keep their systems under ongoing monitoring, and report significant incidents to the national authority within fixed deadlines, starting with an early warning within 24 hours and a fuller notification within 72 hours. Organisations must not only implement these protections but also demonstrate compliance through audits and continuous risk assessments.
Weaponisation of IoT in Critical Infrastructure
The proliferation of Internet of Things (IoT) devices in critical infrastructure sectors has dramatically expanded the attack surface. These devices, often deployed without robust security measures, can serve as entry points for cybercriminals to access core OT systems. For example, IoT devices compromised at scale, such as smart meters in a power grid, could disrupt monitoring and control functions and potentially contribute to major power outages. Securing IoT devices requires strong encryption, regular patching, strict access controls, and network isolation so that a compromised sensor cannot reach the control systems it reports to.
Cloud Adoption for OT Security
As OT environments become more dispersed geographically, cloud-based security solutions are gaining popularity. These solutions enable centralised monitoring, management, and threat intelligence sharing across multiple sites, improving visibility and incident response times. Cloud platforms can offer scalable security services such as real-time threat detection, endpoint protection, and automated response, all of which are crucial for protecting OT environments.
The dependence on OT assets and the environments they operate in continues to grow year on year. Whether it's assembling cars, keeping a nuclear reactor stable, or keeping drinking water safe, these once manual processes are now heavily automated. With this in mind, prioritising the resilience of this critical infrastructure is essential. The trends outlined above underscore the need for proactive and strategic cybersecurity measures. By taking steps now, organisations can protect against increasingly sophisticated threats and ensure the continued safe operation of critical systems.
[1] Armis Labs, 2024

