Today, virtually all industries and governments are intrinsically and fundamentally dependent on critical infrastructure. A critical infrastructure can be defined as any system or asset, whether physical or virtual, that is vital to a country’s national security. Critical infrastructure is a combination of multiple distinct sectors, each of which itself comprises numerous different industries. For example, the U.S. Department of Homeland Security (DHS) identifies 16 critical infrastructure sectors¹.
Understandably, each has its own unique needs, challenges and threats. Yet, fundamentally, they also share many of the same core issues. Historically, the threats to critical infrastructure industries were predominantly physical, whether from an attack or from natural disasters. But as operations have become increasingly large and complex, so has the need for sophisticated Industrial Control Systems (ICS) and Distributed Control Systems (DCS) such as Modbus². This shift, however, also brought with it the danger of cyberattacks.
Initially, the most prominent cyberattack threats came from nation-state or terror threat actors. A 2014 survey of 9,700 firms found that nation-states often target critical infrastructure providers and suppliers to advance their political and economic agendas³. But with the wide-scale adoption of the internet, alongside the proliferation of information, we have seen more and more critical infrastructure companies targeted by criminal actors with the intent of financial gain.
This report will review these threats, as well as break down the challenges and problems the sector currently faces. Due to the complexity and size of the matter at hand, this report will focus on several prominent sectors, including energy, water, manufacturing, aerospace, and telecommunications.
Our BDO Cybersecurity Advisory Services teams are located in 32 countries on six continents, providing a wide range of cybersecurity consulting services and managed security services every day. We support government agencies and commercial companies that are actively battling continuous cyberattacks from nation-state cyberattack groups, criminal cyberattack groups and hacktivists worldwide. Our goal is to ensure all of our clients, especially those in the critical infrastructure industries, deploy efficient and cost-effective cyber defense by implementing what we call threat-based cybersecurity.
To implement threat-based cybersecurity, organizations must fully understand: the cyber threat actors targeting them; the cyberthreat vectors the cyberattackers are using; the cyberattackers’ most likely methods and tactics; and the information and intellectual property the cyberattackers are seeking to steal, disrupt or destroy. Understanding these variables is crucial to developing a customized cyber defense strategy and then implementing a timely and cost-effective cybersecurity risk management program.
We hope you will find this BDO CyberThreat Insights Report, focused on critical infrastructure, both enlightening and interesting.
Critical infrastructure - challenges & problems
Critical infrastructure - notable attacks and events
Russian APT operations targeting critical infrastructure
Spotlight: protecting critical infrastructure through threat-based cybersecurity
BDO cyber threat intelligence (CTI) services
BDO cybersecurity services
Cybersecurity leadership team