Critical Infrastructure Under Siege: Safeguarding Essential Services

Our world is more digitally connected than ever, including the critical infrastructure systems we rely on: power grids, water treatment plants, transportation networks, communication systems, emergency services, and hospitals. A successful attack on critical infrastructure can have dire consequences, ranging from widespread power outages and contaminated water supplies to economic downturns and societal disruption. 

Some of those consequences have come to fruition in recent years. The 2021 Colonial Pipeline ransomware attack disrupted fuel supplies across parts of the U.S. Similarly, the Ascension Health cyberattack in May 2024 gave us a glimpse of the impact on patients when a healthcare system falls victim to a cyberattack.

The Anatomy of an Attack

A typical attack on critical infrastructure usually begins with reconnaissance, where attackers gather information about their target, its vulnerabilities, and potential entry points. This is followed by an initial compromise, often achieved through phishing emails, exploitation of software vulnerabilities, or even physical intrusion. Once inside, the attackers move laterally through the network, seeking access to critical systems and data. Finally, the attackers execute their objective, which could include data theft or disruption of operations. 

Industrial control systems (ICS), which are used to monitor and control industrial processes, and operational technology (OT) networks, which connect and manage physical devices and systems, are desirable targets for attackers. These systems are often outdated, connected to the internet, and lack robust security measures, making them vulnerable to exploitation. A successful attack on these systems can have a direct physical impact, causing equipment malfunctions, power outages, or even safety hazards. 

Systems Under Attack: The Tangible Impact

The 2021 Colonial Pipeline ransomware attack is a prime example of the devastating impact of an attack on critical infrastructure. Hackers infiltrated the pipeline operator’s network and deployed ransomware, encrypting critical data and disrupting operations. The attack forced the company to shut down its pipeline, leading to fuel shortages and panic buying in parts of the Eastern U.S. While the company eventually paid a ransom to restore its systems, the attack highlighted the vulnerability of critical infrastructure to cyberattacks and the potential for widespread disruption. 

In May 2024, Ascension Health, one of the largest non-profit healthcare systems in the U.S., suffered a ransomware attack that disrupted patient care and caused data breaches. The attack affected Ascension’s electronic health records system, forcing some hospitals to switch to paper records. According to NPR, over a dozen healthcare professionals in Ascension facilities reported lapses in care due to the attack, including diverted ambulances, delayed or lost lab results, medication errors, and an absence of routine safety checks via technology. 

Protecting Our Vital Systems

Safeguarding physical infrastructure requires a multi-faceted approach. Here are some actionable steps that organizations can take to enhance security: 

• Network Segmentation: Isolate critical systems like ICS and OT networks from less sensitive networks. This creates barriers that make it harder for attackers to move laterally and access sensitive areas, even if they breach the outer defenses. 
• Incident Response Planning: Develop a well-defined, comprehensive plan for responding to and recovering from attacks. This plan should include clear roles and responsibilities, communication protocols, and procedures for identifying, containing, and eradicating threats. 
• Continuous Monitoring: Employ a combination of security tools and technologies to detect and respond to threats in real time. Proactive monitoring allows for swift identification and mitigation of threats before they cause significant damage. 
• Regular Updates and Patching: Keep software and systems up to date and address any known vulnerabilities as quickly as possible. Establish a regular patching schedule and ensure that all systems, including those in OT environments, are patched properly.
• Strong Password Policies: Recommend using complex passwords and multi-factor authentication wherever possible to make it harder for cybercriminals to access accounts and systems.

Protecting critical infrastructure is a shared responsibility requiring collaboration between governments, businesses, and individuals. By remaining vigilant against evolving threats, we can safeguard these essential services and ensure the continued well-being of our communities and economies. Contact our experts to learn how Devo can help you monitor for suspicious activity.