In response to escalating cyber threats targeting critical infrastructure (CI) operators, cybersecurity experts are advocating for a renewed focus on basic security controls and increased strategic leadership from federal agencies. Recent attack campaigns, notably the infiltration of hundreds of Small Office/Home Office (SOHO) routers by the Chinese hacking group Volt Typhoon, have underscored the urgent need for robust defenses in sectors such as water and energy.
During a hearing before the House Homeland Security Subcommittee on Critical Infrastructure Protection, specialists in Industrial Control Systems (ICS) and Operational Technology (OT) highlighted the vulnerabilities faced by CI operators and offered insights into potential solutions. The attacks orchestrated by Volt Typhoon, which exploited compromised routers to breach CI networks in the United States, have raised significant concerns among legislators and federal regulators.
"Only two to three percent of vulnerabilities even matter to OT operators. If you steal from IT, you steal people’s data. If you target OT, you can kill people," remarked Robert M. Lee, CEO of Dragos, emphasizing the gravity of the threat posed by cyber intrusions into OT networks.
Addressing the disparities in technology, staffing, and funding among CI operators, witnesses stressed the importance of practical security measures such as Multi-Factor Authentication (MFA) for access control. The complexity of defending OT networks, compounded by limited budgets, underscores the need for tailored cybersecurity expertise and standardized incident reporting mechanisms.
Charles Clancy, Senior Vice President and General Manager of MITRE Labs, highlighted the role of federal agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) in bolstering OT-specific cybersecurity capabilities and establishing baseline security requirements for CI networks. Clancy also emphasized the importance of collaboration among government agencies, industry stakeholders, and security vendors to mitigate the burden on CI operators.
Other cybersecurity experts also weighed in on the hearing.
"The role of critical infrastructure and use of OT segmentation has been a foundational approach to protecting vital infrastructure. However, the evolving cybersecurity threat, shrinking expertise, and staffing issues represent a new threat," noted Mark Cooper, President & Founder of PKI Solutions. Cooper advocated for the adoption of automation and intelligence tools to augment existing skills and fortify CI defenses against emerging cyber threats.
As the specter of cyber attacks looms large over critical infrastructure, stakeholders are calling for concerted efforts to strengthen resilience and safeguard vital systems against malicious actors. With proactive measures and strategic investments in cybersecurity, CI operators can mitigate risks and ensure the integrity and availability of essential services in an increasingly digitized world.