In late November 2023, a concerning incident unfolded as a small water treatment facility in western Pennsylvania fell victim to a cyber attack by a nation-state actor. Disturbingly, this breach was not an isolated case, as several other U.S.-based water treatment plants were swiftly identified as targets of a cybercriminal syndicate associated with Iran’s Islamic Revolutionary Guards Corps (IRGC).
Across the Atlantic, Denmark faced a similar situation in May, with 22 energy companies falling victim to cyber breaches. Alarming statistics from the International Energy Agency indicate a doubling of cyberattacks against utilities every week, pointing to an escalating trend in cyber threats against critical infrastructure.
In recent years, the industrial sector has witnessed a surge in cyber attacks, affecting food producers, agricultural businesses, and product manufacturers. These attacks not only compromise operational safety but also pose risks to the lives of workers and the general public. Additionally, they threaten vital aspects such as food security, supply chains, and the overall societal infrastructure we’ve grown accustomed to.
Looking ahead to 2024, the focus on Operational Technology (OT) security becomes paramount. The industrial world is expected to implement robust security programs to counter cyber breaches. As governments step in, the European Union’s Network and Information Systems Directive 2 (NIS2) is set to take effect in October 2024. This directive targets organizations providing critical goods and services, spanning manufacturers, food producers, water distributors, and more. Non-compliance with NIS2 may result in substantial fines and criminal sanctions for senior managers, emphasizing the urgency for organizations to enhance their security posture.
In the United States, the Securities and Exchange Commission (SEC) has introduced regulations requiring registered companies to disclose material cybersecurity incidents, extending the focus to risk management and disclosure of cyber incidents, as seen in legal actions against SolarWinds.
However, the economic landscape is poised to influence cybersecurity expenditure. The anticipated economic slowdown is expected to exert pressure on OT cybersecurity budgets. Despite the inherent risks in OT environments, operators may be tempted to minimize cybersecurity spending during this downturn. The emergence of third-party managed security services providers (MSSPs) could play a pivotal role in bridging the cyber skills gap, offering specialized security knowledge to enhance OT cybersecurity.
The role of artificial intelligence (AI) in cybersecurity is also under scrutiny. Unlike the IT domain, there is a pushback against black-box AI solutions in the OT space. Security leaders emphasize the need for transparency in AI solutions, expressing concerns that AI capabilities developed by threat actors in the IT realm could pose significant risks to OT environments lacking AI-based defenses.
As 2024 unfolds, the intersection of regulatory involvement, economic constraints, and the evolving threat landscape sets the stage for an intriguing year in OT security. Organizations prioritizing OT security must invest in advanced threat detection systems, continuously monitor network traffic, and adopt a proactive risk assessment approach to effectively allocate cybersecurity budgets and thwart potential cyber threats.