Security News > 2021 > June > No Time to Waste: Three Ways to Quickly Reduce Risk in Critical Infrastructure Environments
For years now, the government has been warning openly and clearly of targeted attacks against government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
Last July, the National Security Agency and the Cybersecurity and Infrastructure Security Agency issued a joint alert in response to a growing number of attacks targeting industrial networks.
The alert included broad warnings of an imminent and serious threat across all 16 critical infrastructure sectors and lengthy, detailed sets of recommendations for how to protect operational technology environments.
Following the attack on Colonial Pipeline, CISA and the FBI issued an alert urging critical asset owners and operators to adopt a heightened state of awareness and implement various controls in the face of ransomware attacks, including robust network segmentation between IT and OT networks, regular testing of manual controls, and the implementation of backups that are regularly tested and isolated from network connections.
We don't have three to five years nor the resources to physically segment networks that are geographically dispersed across, say, 100 manufacturing sites around the world.
The essential elements are in place to help reduce risk to critical infrastructure, so we can move straight to run.