IT, OT, and CNI: a hidden threat?


Advanced economies now rely heavily on their IT infrastructure, as recent events have shown only too clearly.

We are probably fortunate that the incident that grounded flights and stopped card payments around the world was down to software errors, rather than cyber attacks. But it shows just how fragile systems can be.

And we still cannot discount the possibility of deliberate attacks on large-scale, critical infrastructure. In fact, much of that infrastructure is even more vulnerable to malicious actors.

Industrial and operational technology (OT) just has not had the same focus from the cybersecurity industry as general IT.

Those systems are now being targeted by both state-sponsored actors and criminal groups. Even if these groups are not actively planning an attack now, they are carrying out reconnaissance. This puts them in a strong position: they can exploit vulnerabilities at a time that suits them.

Recent research suggests that many, if not most, of the groups attacking critical national infrastructure are linked to national intelligence agencies. And that raises some difficult questions about how both businesses and their governments should respond.

Our guest is Mark Magpie Graham, technical director for threat intelligence at Dragos, the firm that carried out the research.

We discuss whether OT is well enough protected, and if it is not, what we need to do about it.
