The foundation of critical infrastructure is built on industrial control systems, such as SCADA systems and other OT systems. Modern operational networks are constantly evolving due to developments such as the Industrial Internet of Things (IIoT), Industry 4.0, smart grid and others. With the increase in complexity comes increased risk. Cyber-attacks against OT networks in critical infrastructure can lead to devastating outcomes, with critical operational downtime being the prime target. New cyber-threats against operational networks in critical infrastructure are forcing operators to change their approach and strategy regarding OT security. Since connectivity and the adoption of IIoT devices are inevitable due to business requirements, operators must start planning how they can remain secure while increasing connectivity, instead of depending on outdated approaches such as air-gapping between IT and OT. This will allow them to protect themselves from attacks that try to disrupt their operations.
Critical infrastructure, such as utilities, is considered a prime target for targeted attacks. Famous incidents, such as the attack against the Ukraine power grid in 2015 and 2016, and the rise of recent attacks on critical infrastructure due to COVID-19, show how adversaries can leverage connected IT/OT environments to cause disruption. By continuously monitoring the activities in the internal OT networks, critical infrastructure networks can detect threats early in the kill chain. Early detection enables proactive actions that mitigate the potential threat before critical assets are endangered. In the past, operators could trust good network segmentation, isolation or air-gapping as an effective security measure, but due to increasing connectivity and remote access, this is no longer possible. The adoption of new advanced technologies creates a more dynamic OT environment and requires better control over the assets, devices, and equipment running within the network. The SCADAfence Platform’s digitalized mapping and full visibility do just this; they require no prior knowledge and are obtained automatically through non-intrusive monitoring of the network.