Cyberattacks are on the rise and threatening our digital life and our most intimate information — but also our operational realities. Attacks on critical infrastructure such as power plants, water works, airports and the like (transportation ranks among the highest-value targets for cyberattackers seeking maximal impact) are no longer theoretical — but when it comes to securing these complex systems, there are unique challenges, such as an inability to patch.
In recent decades, critical infrastructure systems have grown ever more connected. Legacy components, which were not designed for the online arena, are now networked en masse. What’s worse, security teams trained to focus on physical safety are prone to downplay (or outright miss) growing digital-age risks. Sure, connecting all of a grid’s transformers might improve efficiency and maintenance, but if officials can connect remotely to monitor the device, can’t a hacker compromise that very device in much the same way?