Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Defining the Threat Created by the Convergence of IT and OT in Critical Infrastructure

Critical infrastructure facilities operated by the private and public sectors face a complex and continuously growing web of security threats that are compounded by the increasing convergence of information and operational technology (OT) in this area.

Trustwave SpiderLabs’ just released 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report highlights these challenges by disclosing how threat actors attack critical infrastructure and offers recommendations that operators can adopt to make their facilities more secure and resilient.

The convergence of IT and OT systems presents novel security hurdles. Many organizations erroneously assume their OT systems are immune to cyber threats due to being air-gapped, which has led to lax attitudes towards patching and updating legacy systems.

 

The Threat

We can see the result of critical infrastructure operators worldwide being under-prepared from a security standpoint in the almost endless string of attacks that have recently taken place. The Center for Strategic & International Studies lists dozens of attacks against infrastructure and political targets. These include:

  • March 2024: Iranian hackers compromised an IT network connected to an Israeli nuclear facility. Hackers leaked sensitive facility documents but did not compromise its operational technology network.
  • September 2023: Iranian hackers launched a cyberattack against Israel’s railroad network. The hackers used a phishing campaign to target the network’s electrical infrastructure. Brazilian and UAE companies were also reportedly targeted in the same attack.
  • November 2023: Denmark suffered its largest cyberattack on record when Russian hackers hit 22 Danish power companies.

 

The Challenges

Trustwave SpiderLabs’ elite team of researchers noted in the report how the diverse nature of the entities involved in the ownership and management of these facilities, which range from small local utilities to federal agencies, impact their security preparedness.

Adding to the problem is many critical infrastructure systems are decades old and may or may not have been updated recently, often due to cost concerns, making them even more susceptible to attack. Finally, cybersecurity isn’t always a high priority for critical infrastructure owners; instead, ensuring the service remains available is job number one.

These systems are also interdependent, meaning a disruption in one sector, like power or water delivery, can have cascading effects on others, causing widespread outages and hardships for citizens.

Another side effect of the system’s age is that a facility tends to become a hodgepodge of non-standardized equipment, generally due to the plant being updated or added to over the years. This unwieldy creation is, in fact, a perfect example of how many critical infrastructure operators prioritize operational capacity over security. Using disparate parts and systems creates additional security gaps because they were not designed to work together but to enable the facility to continue operating.

Moreover, integrating IT and OT systems gives rise to fresh avenues for cybercriminals to exploit. Often, these systems lack proper segmentation, granting attackers unhindered movement within networks. Moreover, reliance on third-party vendors for services opens doors to security vulnerabilities, as these entities can be manipulated or compromised.

Furthermore, the escalating adoption of machine-to-machine communication in critical infrastructure introduces new concerns regarding physical security. Attackers can potentially exploit these automated systems. The merging of IT and OT systems compounds these risks, as they were not originally designed with robust security measures.

Here are just a few of the OT/IT security issues disclosed in the report:

  • Limited Asset Management: Organizations often lack a comprehensive understanding of their OT environment. They may not have a complete inventory of all systems and their configurations, making it difficult to identify vulnerabilities and implement proper safeguards.
  • Patching Challenges: Legacy OT systems often present unique patching difficulties. These systems may be one-of-a-kind and critical to operations, making downtime for patching risky.
  • Resilience and Response: Building redundancy into critical infrastructure systems is crucial for maintaining resilience in the face of cyberattacks. Having multiple systems allows for continued operation if one system is compromised.

 

Trustwave’s Threat Intelligence Report Library

The Public Sector report is just the latest in a series researched and published by Trustwave SpiderLabs. Please visit these for an in-depth analysis of the security issues facing each industrial sector.

Please download the 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies for all the background details on these threats, the groups behind them, and how to properly defend your public sector organization.

Latest Trustwave Blogs

How Deepfakes May Impact Upcoming Elections Worldwide

The common fear regarding election interference is that a threat actor will gain access to either ballot machines or the networks that tally votes. However, there is a much easier method a person...

Read More

Get to Know MXDR: A Managed Detection and Response Service for Microsoft Security

The Microsoft 365 E5 license gives users entitlements to numerous Microsoft Security products—so many, in fact, that as companies deploy the Microsoft Security suite, they may need a managed...

Read More

Trustwave eBook Now Available: 8 Experts on Offensive Security

It is now obvious that defensive measures alone are no longer sufficient to protect an organization from cyberattacks. Threat actors are increasing their capacity at such a rate that merely sitting...

Read More