What Is Critical Infrastructure?
Critical infrastructure includes all of the assets, systems and networks – physical and virtual – that are essential to the proper functioning of a society’s economy, national public health or safety, security, or any combination of the above. Critical infrastructure includes the food and agriculture sectors, transportation systems (e.g., roads, railways, highways, airports), water supply (e.g., drinking water, wastewater/sewage), internet and mobile networks, public health (e.g., hospitals, ambulances), energy (oil and gas), electric utilities, financial services, telecommunications, defense, and more. Although critical infrastructure is similar across all nations due to basic living needs, the infrastructure considered critical can vary according to a nation’s unique needs, resources and level of development. In the U.S., this physical and cyber infrastructure is typically owned and operated by the private sector, though some is owned by federal, state or local governments.
Why Does Critical Infrastructure Security Matter?
Critical infrastructure often encompasses industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, which are used to automate industrial processes in critical infrastructure industries. Attacks against SCADA and other industrial control systems are serious concerns. They have the potential to create wide-scale compromise in vital systems, such as transportation, oil and gas supply, electrical grids, water distribution, and wastewater collection. The connections and interdependencies between infrastructure systems and sectors mean that, if one or more functions fail or experience a blackout, there can be an immediate, negative impact on multiple sectors. In May 2021, cybercriminals breached the Colonial Pipeline Co., which controls nearly half the gasoline, jet fuel and diesel flowing along the East Coast. Using a compromised password, the hackers took down the largest fuel pipeline in the U.S., leading to shortages across the East Coast.
The threat of crippling cyberattacks against industrial control systems has financial implications as well. According to Gartner, in large manufacturing and oil and gas organizations, the average cost of downtime per minute can be anywhere from $5,000 to $10,000. Cybercriminals have learned they can extract substantial ransoms from their victims, and nation-states can more effectively bully rival countries with demonstrations of their cyberwarfare capabilities. The Colonial Pipeline and JBS USA Holdings Inc. attacks together resulted in $15 million in paid ransom. Not only are attackers increasingly going after critical infrastructure (CI) and operational technology (OT), but they are also investing more in improving their capabilities to compromise these organizations.
How Governments Are Approaching Defending Vital Systems
Governments and the agencies responsible for critical infrastructure are evolving to meet cyber risks as well as diverse needs for more data for more users – residents, patients, students and contractors – in more places than ever. For example, the recent Colonial Pipeline ransomware attack prompted U.S. President Biden to sign an executive order instructing the U.S. federal government to bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises or hybrid.
“Smart Government” initiatives are driving innovative approaches to how governments can make use of data from more constituents, and smart sensors are changing the way militaries use real-time data from far afield. These realities are driving a new way of operating that must also include new cybersecurity considerations. For example, in 2018 the Australian Signals Directorate (ASD) issued “Strategies to Mitigate Cyber Security Incidents” guidelines to help Australia’s critical infrastructure and other organizations protect the nation’s digital assets. These strategies are born from governments’ observations and experiences while responding to cybersecurity incidents and testing their security posture.
Challenges to Securing Control Systems in Critical Infrastructure
SCADA and industrial control systems have undergone dramatic transformations in recent decades. What once was a collection of isolated, proprietary systems based on serial protocols is now a set of highly interconnected systems that leverage the internet protocol and commercial off-the-shelf solutions to optimize operations and reduce costs. While the business benefits of this integration of information technology (IT) and operational technology (OT) have been many, the modernization has also increased the risk of cyberthreats compromising the availability of the process and the well-being of personnel, citizens, economies and the environment. This factor, combined with rising threat and regulatory landscapes, has increased the burden on organizations trying to secure their critical infrastructure. Some of these challenges include:
- Gaining granular visibility over operational network traffic at the application and user levels to validate proper or anomalous use.
- Segmenting networks with sufficient access controls to limit external and internal attack vectors while meeting stringent performance requirements, such as ISA 62443.
- Protecting unpatched commercial off-the-shelf (COTS) systems from known cyberthreats and reducing downtime due to cyber incidents or patching.
- Preventing advanced cyberattacks, which utilize zero-day methods to disrupt production, compromise information integrity or exfiltrate intellectual property.
- Managing disjointed, distributed network and endpoint security products.
- Securing unmanaged, unsecured IoT and connected devices.
- Complying with regulations such as NERC CIP, TSA Security Directives and NIST CSF as well as efficiently providing information for audits.
- Ensuring the operation and security of remote outside-plant environments with security solutions that are ruggedized and compliant for a wide range of extreme conditions.
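The first two challenges above, application- and user-level visibility and zone-based segmentation, can be exercised with a small policy check. The following is an added example, not code from the original page or from Palo Alto Networks: the zone ranges, the conduit allowlist and the flow records are all constructed for illustration, in the spirit of ISA/IEC 62443 zones and conduits.

```python
# Added example: a zone/conduit allowlist check over observed flows.
# Zone ranges, conduits and sample flows are constructed (not real data).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical zones: enterprise IT, an industrial DMZ, and the control network.
ZONES = {
    "enterprise": ip_network("10.1.0.0/16"),
    "dmz": ip_network("10.2.0.0/24"),
    "control": ip_network("192.168.10.0/24"),
}

# Conduits: (source zone, destination zone, application) tuples that are
# permitted. Anything not listed is reported as a segmentation violation.
CONDUITS = {
    ("enterprise", "dmz", "https"),
    ("dmz", "control", "modbus-read"),
    ("control", "control", "modbus-read"),
    ("control", "control", "modbus-write"),
}

@dataclass
class Flow:
    src: str   # source IP address
    dst: str   # destination IP address
    app: str   # application identified at layer 7 (constructed labels)
    user: str  # user attributed to the flow

def zone_of(addr: str) -> str:
    """Map an address to its zone, or 'unknown' if it is outside every zone."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def check_flow(flow: Flow) -> tuple[bool, str]:
    """Return (allowed, reason) for one observed flow."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if "unknown" in (src_zone, dst_zone):
        return False, f"unmapped address {flow.src}->{flow.dst}"
    if (src_zone, dst_zone, flow.app) not in CONDUITS:
        return False, f"no conduit {src_zone}->{dst_zone} for {flow.app} (user {flow.user})"
    return True, "allowed"

def audit(flows: list[Flow]) -> list[str]:
    """Return the reason for every flow that violates the conduit policy."""
    return [reason for allowed, reason in map(check_flow, flows) if not allowed]

# Constructed sample flows: the last two should be flagged.
SAMPLE_FLOWS = [
    Flow("10.1.5.20", "10.2.0.10", "https", "alice"),
    Flow("10.2.0.10", "192.168.10.5", "modbus-read", "historian"),
    Flow("10.1.5.20", "192.168.10.5", "modbus-write", "alice"),     # IT host writing to a PLC
    Flow("203.0.113.7", "192.168.10.5", "modbus-read", "unknown"),  # source outside every zone
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print("VIOLATION:", violation)
```

In practice the flow records would come from firewall or network-sensor logs that already carry the application and user attribution the page describes; the check itself stays the same.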
To effectively protect today’s SCADA and ICS networks in critical infrastructure, a modernized security approach is necessary. To learn how Palo Alto Networks helps operators of ICS and SCADA systems around the world protect their brands and process control environment operations, download Security Reference Blueprint for Industrial Control Systems.