Critical infrastructure security has become an increasingly priority area for authorities around the world. Critical infrastructure refers to sectors such as communications, transport, energy, water, healthcare and certain public facilities.
Now several countries have woken up and realized that these must also be protected from a cyber perspective, states the analysis company Gartner in a new report.
“Governments in many countries are now realizing that their national critical infrastructure has been” an undeclared battlefield “for decades,” said Ruggero Contu, chief analyst at Gartner. They are now implementing measures for more security checks in the systems that support these assets.
A survey of this target group by Gartner shows that 38 percent of those surveyed have increased their investments in operational security technology by between 5 and 10 percent in 2021. A further eight percent increase their investments by more than 10 percent.
But this is an underinvested area in the past, according to Gartner, and it is uncertain whether these increases will suffice.
– In addition to having to catch up, they are also experiencing an increasing number of threats, which are becoming increasingly sophisticated. Critical infrastructure owners and operators are also struggling to prepare for increased supervision.
The increased risk requires a holistic security strategy, where the security of IT, IoT and operational technology is coordinated, Gartner writes in the report.
Over time, the technologies underlying critical infrastructure have become increasingly digitalized and interconnected, either with enterprise IT systems or with each other – creating security risks for cyber-physical systems (systems designed to use IT to control and regulate machines and appliances).
This has resulted in an increased attack surface for hackers and other malicious actors.
Gartner believes that as many as 30 percent of the organizations working with critical infrastructure will experience a security breach by 2025 and that it will result in operational or operationally critical cyberphysical systems going down.