This CRS Report outlines several key observations and lessons derived from the Russian campaign against Ukrainian electricity infrastructure, which could be applicable to our own critical infrastructure protection efforts in the US. Some of the key observations:
- The attacks focused on transmission facilities, substations, and large power transformers, with the goal of destabilizing major grid sections and hindering electricity transfer between Ukraine and Europe.
- Ukrainian grid operators' familiarity with Russian tactics, vigilant cyber hygiene, and the use of manual override controls were crucial. Technical assistance from the U.S. and other countries also played a significant role in grid resilience.
- Pre-war investments in transmission system modernization, stockpiling of spare equipment, and scenario modeling helped increase resilience. Wartime improvisation, such as using Starlink stations to fill communication gaps, was also vital.
- Physical attacks had a more significant impact than cyberattacks, bringing the Ukrainian grid close to collapse, with rolling blackouts becoming common. However, the grid did not entirely collapse, due to robust pre-invasion preparations and international support.
- Pre-existing issues such as low energy efficiency, governance challenges, and market structure inefficiencies were highlighted but not fully resolved. Emergency measures and international aid partially mitigated these problems.
Lessons for the U.S.:
- Preparedness: The U.S. needs to consider long-term, sustained threats and the importance of maintaining critical infrastructure under persistent attack.
- Stockpiling and Modernization: Stockpiling of essential equipment and continuous modernization of grid infrastructure are crucial.
- Cybersecurity and Physical Security: Enhanced cybersecurity measures and physical protection of critical assets are necessary.
- Comprehensive Scenario Modeling: Emergency planning should include scenarios where the grid operates from a degraded state and considers the complex interdependencies among society, governance, and infrastructure.
The report suggests potential congressional actions such as instituting stockpiling programs, creating industrial production incentives, establishing supply chain security requirements, and supporting the development of consensus resilience metrics.
Significance of Critical Infrastructure Security
Summary
Critical infrastructure security encompasses the protection of essential systems and assets—such as power grids, water supplies, and communication networks—required for societal functioning. Ensuring their safety is vital due to increasing threats from cyberattacks, physical disruptions, and vulnerabilities within these interconnected systems.
- Invest in modernization: Upgrade outdated infrastructure and stockpile essential components to prepare for potential disruptions or attacks that could compromise critical services.
- Prioritize cyber-physical security: Implement both physical protections such as barriers and remote monitoring, along with robust cybersecurity measures to address threats like ransomware and supply chain vulnerabilities.
- Conduct continuous assessments: Regularly evaluate risks through vulnerability testing, scenario modeling, and collaboration between engineers and cybersecurity experts to identify and mitigate potential threats before they escalate.
Eighteen months ago, on behalf of the Foundation for Defense of Democracies (FDD), I published "Beijing’s Power Play", a report warning that PRC-linked #battery and #energystorage firms posed long-term #nationalsecurity risks to U.S. #criticalinfrastructure. Some argued the concern was overblown. Today, Reuters reports that U.S. officials have found undocumented #communication devices embedded in Chinese-made #inverters and battery systems—components with direct access to our power grid ⚡. These rogue channels could bypass firewalls and destabilize entire energy systems. This isn’t alarmism—it’s the tip of the iceberg 🧊. As I wrote then, these risks go beyond supply chains. They’re about control, dependency, and systemic vulnerability. The fact that many of these companies—like #CATL—are listed on the Chinese military company (CMC) list makes this all the more urgent 🚨. If you’re covering this issue or tracking developments in clean tech, energy resilience, or U.S.-China strategic competition, here’s the original report: https://lnkd.in/e2Ubn6Cr Grateful to see this story gaining attention. There’s much more to uncover. #nationalsecurity #energypolicy #cleanenergy #gridsecurity #chinathreat #criticalinfrastructure #inverters #batterystorage #cybersecurity #decoupling #CATL #geopolitics #supplychainsecurity #ESG #salttyphoon #volttyphoon #internationalrelations #internationalsecurity #duediligence #zeroday https://lnkd.in/eJmWFk9J
-
Why Is the U.S. Energy Sector a Top Target for Supply Chain Attacks?
New research from KPMG exposes a critical vulnerability in the energy sector: nearly 45% of breaches last year stemmed from third-party supply chains—far above the global industry average of 29%.
➥ Why Is the Energy Sector So Vulnerable?
The industry’s rapid digital transformation has created a “new dynamic of risk.” While software innovation powers energy delivery, it also exposes companies to easier exploitation. Attackers now prioritize software vulnerabilities over physical infrastructure for faster and more lucrative gains.
➥ The Devastating Ripple Effect of Supply Chain Attacks:
↳ Energy systems are interconnected—one breach can cascade across the supply chain, disrupting entire regions.
↳ The Colonial Pipeline attack demonstrated this: a single breach disrupted fuel supplies along the U.S. East Coast.
➥ Why It Matters:
Supply chain attacks in the energy sector can cripple critical services, from pipelines to EV charging stations. The stakes are high, and cybercriminals know it.
➥ How Energy Companies Can Defend Against Supply Chain Threats:
➙ Implement Least Privilege Access
↳ Restrict access to essential systems for employees and contractors to minimize attack surfaces.
➙ Use Network Segmentation
↳ Divide networks into secure zones to contain breaches and limit their spread.
➙ Adopt DevSecOps Practices
↳ Embed security into software development processes to detect and block malicious modifications early.
➙ Empower SOC Analysts
↳ Equip Security Operations Centers with advanced tools to detect and hunt threats across on-premises and cloud environments.
Don’t Underestimate Third-Party Risk
As threats grow in sophistication, third-party risk management must be a priority for every energy company. It’s time to evolve security practices to protect critical infrastructure and the lives that depend on it.
PS: Are your supply chain partners as secure as your systems? Share your thoughts on reducing third-party risk below!
♻️ Share this post to raise awareness and protect vital industries. 🔔 Follow Brent Gallo - CISSP for expert insights on cybersecurity in critical sectors. #CyberSecurity #EnergySector #SupplyChainRisk #CriticalInfrastructure #RiskManagement #DevSecOps #NetworkSecurity
-
While it is unlikely that IT and #OT environments can ever be secured 100%, risk reduction strategies can be put in place to prevent cyberattacks from becoming successful. Organizations should understand and prioritize the most critical operational functions that, if disrupted by a direct #cyberattack or the loss of a key third-party service, would have a significant impact on the ability to operate. For instance, if a single facility accounts for 90% of a company’s revenue, or a single #substation services a key #nationalsecurity site in a remote location, these assets are likely top priorities to keep operational and reduce downtime. Once these critical functions are identified, the organization can map the IT and OT network pathways that support these systems and implement security or engineering controls to reduce the risk of downtime or failure. Identifying and mitigating known vulnerabilities are also critical steps in the risk reduction process. Organizations can make significant gains by simply closing gaps that are widely known to exist. Installing cybersecurity sensors for 24/7 monitoring can also lead to faster mitigation action to limit damage from a cyberattack. Cyberattacks can occur at any time, and having a dedicated team available on call to identify and respond to an incident can limit downtime and the potential for the event to become a more widespread issue. Closing vulnerabilities and implementing #networkmonitoring are effective measures for reducing cyber risks in existing #criticalinfrastructure, but to really get ahead of the risks presented by a growing #attacksurface, #cybersecurity and resilience should be addressed at the earliest design and planning phases of new projects. This kind of collaboration, commonly referred to as Cyber-Informed Engineering, consists of discussions among cybersecurity professionals, engineers and project designers to identify and address cyber risks in the control and safety of automated systems.
When done at the front end, this approach can make the implementation of cybersecurity controls more effective, efficient and cost-effective than trying to add these measures on after the capital project is completed. Write-up by Victor Atkins #ICSsecurity #SCADAsecurity #OTsecurity #IndustrialSecurity
-
Standing here at an undisclosed location, you can clearly see the practice of layered security. Protecting critical infrastructure like our power grid requires a multifaceted approach, which I want to discuss today. Behind me is a precast concrete ballistic wall engineered to withstand significant threats. Beyond is a chain-link fence with barbed wire—a clear perimeter. But effective security for utilities and critical infrastructure goes far beyond what's immediately visible. It's about creating defense in depth – a system with multiple, overlapping layers of protection. Key layers commonly used in such facilities:
- Deter: Visible measures (fence, wall, cameras, lighting) discourage intrusion. Modern systems often use AI-powered analytics to enhance this.
- Detect: Sophisticated systems (motion sensors, vibration sensors, thermal cameras, potentially AI-enhanced analytics) provide early warning of breaches.
- Delay: Physical barriers (walls, fences) slow intruders, giving response teams time. The ballistic wall is a significant delay factor.
- Respond: Trained personnel and protocols ensure a swift, coordinated response, including communication with law enforcement.
- Assess: Regular vulnerability assessments, penetration testing, tabletop exercises, and audits help keep security up to date. "What-if" scenarios, sometimes using AI-driven analysis, guide improvements.
This layered approach ensures that even if one layer is compromised, others are in place to protect the critical assets within. It's about resilience – not relying on a single point of failure but building a system that can withstand a variety of threats, from vandalism to more sophisticated attacks. The integration of technology, including advancements like AI, is enhancing the capabilities of these traditional security layers, making them smarter and more responsive. However, the fundamental principle remains the same: multiple layers of defense provide the most robust protection.
Protecting critical infrastructure is vital for reliable service delivery. #CriticalInfrastructure #SubstationSecurity #PhysicalSecurity #LayeredSecurity #DefenseInDepth #Utilities #DataCenters #AI
-
Many don’t realize that cyberattacks against Critical Infrastructure sectors can cause more than the inconvenience of a temporary power outage. Critical Infrastructures are a favorite of aggressive Nation State cyber threats. In addition to communications disruptions, power outages, and healthcare billing, these attacks can also seek to disrupt food distribution. The result – empty shelves and people scrambling to acquire groceries. There is currently a cyber-attack affecting the main grocery retailer in Scotland, resulting in empty shelves for many foodstuffs. (https://lnkd.in/gzkhP2vD) Nothing is as effective at changing people’s attitudes and motivating capitulation as the unavailability of food. It is an age-old strategy used for besieging forts, towns, and even nations. Cybersecurity now protects many of the critical-path systems for food production, transportation, and distribution. It puts a different spin on the value of #cybersecurity and how aggressive nations can wreak havoc on the citizens of their adversary. It is something to consider as we move into an age where cyber-attacks are being leveraged as a foreign policy tool. #CriticalInfrastructure #cyberattack
-
How secure is the supply chain for your inverter-based resource? I drank my coffee this morning while discussing how to better secure their PV + Storage site, and I wanted to share some of the things that I was reflecting on as I went about my day - which included several more conversations about supply chain followed by cybersecurity. As inverter-based resources (IBRs) like solar, wind, and battery storage become more integral to the grid, their supply chain security is coming under greater scrutiny—especially for entities subject to NERC CIP Low Impact requirements. While CIP-013 focuses on supply chain risk management, many assume that CIP Low environments are less vulnerable. But with increasing cyber threats targeting distributed assets, even Low Impact systems need a strong defense. From our observations, we have noted the following risk areas for IBRs:
- Component Integrity & Authenticity – Inverters, controllers, and communications equipment sourced from insecure vendors can introduce hidden vulnerabilities.
- Firmware & Software Security – Unverified updates or compromised supply chains can expose IBR assets to malware and backdoors.
- Vendor Risk Management – Third-party providers may lack robust cybersecurity controls, increasing exposure to supply chain attacks.
I have seen some of the more proactive owners take the following steps to ensure their resources are reliable:
- Strict Update Controls – Only apply verified firmware/software updates from trusted sources to prevent tampering.
- Supplier Assessment – Assess supplier security practices, including firmware integrity and secure manufacturing processes. Is this a known manufacturer?
- Spare Parts Inventory – Maintain a spare parts inventory; not all supply chain challenges are digital. Real-world production and shipping delays can affect output.
Building, operating and maintaining these projects takes time, and capital. It's critical to ensure the components that build our Bulk Electric System are sourced and maintained appropriately.
While CIP Low sites have fewer regulatory obligations than Medium and High Impact assets, supply chain security remains critical for reliability and resilience. How is your team managing supply chain risks in CIP Low environments?
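The "strict update controls" step above, worked through as an added example (not code from the post, NERC, or any inverter vendor): an update bundle is accepted only if it comes from an enrolled supplier, its manifest authenticates, the image hash matches the manifest, and the version is newer than what is installed. The vendor names, keys, versions and image bytes are constructed, and HMAC-SHA256 with an out-of-band provisioned key stands in for the vendor's public-key signature so the example runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed sample data: verification keys the asset owner enrolled for
# approved suppliers, and the firmware version currently installed per controller.
TRUSTED_VENDOR_KEYS = {"acme-inverters": b"constructed-acme-verification-key"}
INSTALLED_VERSION = {"pv-ctl-01": (2, 4, 1)}


def parse_version(text):
    """'2.5.0' -> (2, 5, 0), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def canonical(manifest):
    """Stable byte encoding so signer and verifier authenticate identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest, key):
    """Vendor side, included only so the example is self-contained.
    HMAC with a provisioned key is a stand-in for the vendor's signature;
    a production deployment verifies a public-key signature instead."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def check_update(device, manifest, tag, image):
    """Decide whether an update bundle may be applied to `device`.
    Returns (accepted, reason). Every check runs before the device is touched."""
    vendor = manifest.get("vendor")
    key = TRUSTED_VENDOR_KEYS.get(vendor)
    if key is None:
        return False, "unknown vendor: supplier is not on the enrolled list"
    expected = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "manifest authentication failed: altered manifest or wrong key"
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), manifest["sha256"]):
        return False, "image hash mismatch: image is not the one the vendor published"
    if parse_version(manifest["version"]) <= INSTALLED_VERSION[device]:
        return False, "rollback refused: version is not newer than the installed one"
    return True, "accepted"


def run_demo():
    """Exercise the control against a genuine bundle and three bad ones."""
    key = TRUSTED_VENDOR_KEYS["acme-inverters"]
    image = b"constructed firmware image bytes for release 2.5.0"
    good = {"vendor": "acme-inverters", "version": "2.5.0",
            "sha256": hashlib.sha256(image).hexdigest()}
    old = dict(good, version="2.4.0")          # genuine but older: downgrade
    foreign = dict(good, vendor="unlisted-vendor")
    cases = {
        "genuine": (good, sign_manifest(good, key), image),
        "tampered_image": (good, sign_manifest(good, key), image + b"\x00"),
        "rollback": (old, sign_manifest(old, key), image),
        "unknown_vendor": (foreign, sign_manifest(foreign, key), image),
    }
    return {name: check_update("pv-ctl-01", m, t, img)[0]
            for name, (m, t, img) in cases.items()}


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name:15s} {'ACCEPT' if accepted else 'REJECT'}")
```

Only the "genuine" case is accepted; the tampered image, the downgrade and the unlisted supplier are each rejected with a reason that can be logged for the site's change record.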
-
What I have been telling people: based upon the London power outage and some of the current issues that we are seeing in power regulation, this is due to these factors. It is becoming ever more relevant that these listed issues are becoming more and more prevalent....
- Increased Connectivity and IoT Integration: OT systems, traditionally isolated, are now increasingly connected to IT networks and the internet. This expands the attack surface, making them vulnerable to cyber threats. Example: The proliferation of Industrial Internet of Things (IIoT) devices in manufacturing and energy sectors introduces numerous potential entry points for attackers.
- Ransomware Attacks: Ransomware is a significant threat to OT, as attacks can disrupt critical infrastructure operations. Example: Attacks targeting water treatment plants or energy grids can have severe real-world consequences, beyond just data loss.
- Aging Infrastructure and Legacy Systems: Many OT systems rely on outdated hardware and software with known vulnerabilities. Example: Older industrial control systems (ICS) may lack modern security features, making them easy targets.
- Insider Threats: Both malicious and unintentional actions by insiders can compromise OT security. Example: An employee accidentally introducing malware via a USB drive or a disgruntled employee intentionally sabotaging equipment.
- State-Sponsored Attacks: Nation-states are increasingly targeting critical infrastructure with sophisticated cyberattacks. Example: Attacks aimed at disrupting power grids or telecommunications networks for geopolitical purposes.
- Supply Chain Vulnerabilities: Compromised software or hardware from third-party vendors can introduce vulnerabilities into OT systems. Example: Malicious code inserted into industrial control components during manufacturing.
- AI-Powered Cyberattacks: Cybercriminals are increasingly using AI to automate and enhance their attacks. Example: AI can be used to create very convincing phishing attacks, or to find vulnerabilities in OT systems much faster than humans.
- Lack of OT Cybersecurity Awareness: Many OT personnel lack adequate cybersecurity training, making them susceptible to social engineering attacks. Example: Engineers being tricked into opening malicious attachments or visiting compromised websites.
Why OT is Particularly Vulnerable:
- Safety-Critical Systems: OT systems often control physical processes that, if disrupted, can lead to safety hazards or environmental damage.
- System Uptime: OT systems often require continuous operation, making it difficult to implement security updates or patches.
- Unique Protocols: OT systems use specialized communication protocols that are often not supported by traditional IT security tools.
Addressing these challenges requires a layered security approach, including robust network segmentation, intrusion detection systems, regular vulnerability assessments, and ongoing cybersecurity training for OT personnel.
-
🚨 Cybersecurity Alert: Industrial Control System Hijacked at US Water Utility 🚨
In a recent cyber incident, the Municipal Water Authority of Aliquippa in Pennsylvania experienced a system breach. Hackers took control of a booster station's system, raising alarms about cybersecurity in critical infrastructure sectors.
✅ Key Highlights:
- The compromised system was part of a booster station that regulates water pressure for several townships.
- Despite the breach, officials confirmed no risk to the water supply or drinking water.
- The intrusion was swiftly detected, and the compromised system was disabled.
- Responsibility for the attack was claimed by an Iran-linked hacktivist group, Cyber Av3ngers, known for targeting industrial control systems.
🔒 Cybersecurity Insights:
- This incident underscores the vulnerability of industrial control systems, especially those with internet-exposed human-machine interfaces (HMI).
- The Cyber Av3ngers group has a history of exaggerating the impact of their attacks, but the threat to critical infrastructure remains a serious concern.
- Pennsylvania State Police were notified, but involvement of federal authorities is not clear.
🌐 Implications for the Water Sector:
- Cyberattacks on water facilities are not new, and this incident adds to the list of such breaches.
- The US government's Cybersecurity and Infrastructure Security Agency (CISA) offers free vulnerability scanning services to organizations in this sector to enhance their defense mechanisms.
🤔 Thought-Provoking Takeaway: This event serves as a reminder of the ongoing cybersecurity challenges facing critical infrastructure. It highlights the need for robust security measures and constant vigilance to protect against such threats, but also the lack of security within critical infrastructure and the need to prioritize securing these facilities before a major event costs actual human life.
🔗 Listen to the podcast coverage this morning: https://lnkd.in/eM9yW6w #Cybersecurity #InfrastructureSecurity #WaterUtility #CyberAttack #InformationSecurity
-
A Chinese state-sponsored group (I refuse to use the marketing nomenclature) is targeting global critical infrastructure sectors like telecommunications, government, and service providers. Their tactics include exploiting server vulnerabilities, deploying custom malware, and infiltrating vendor networks. What can critical infrastructure organizations do?
✅ Patch public-facing systems regularly to mitigate known vulnerabilities.
✅ Strengthen vendor access controls with multi-factor authentication and regular audits.
✅ Leverage your CTI teams to provide you with up-to-date information on your threat landscape.
🔐 Critical infrastructure is the backbone of our global society—proactive security measures are essential to defend against sophisticated cyber threats. Stay vigilant and secure! You can find more in the official report by Trend Micro: https://lnkd.in/gg_U9xg2 #Cybersecurity #CriticalInfrastructure #ThreatIntelligence #CTI