
Two Key Takeaways on Critical Infrastructure Security from Microsoft’s Cyber Signals Report

January 6, 2023

By Chase Snyder, Sr. Product Marketing Manager

In December 2022, Microsoft published the third edition of their Cyber Signals report, which focused entirely on the gathering storm of cyberattacks against critical infrastructure, operational technology (OT), and the internet of things (IoT). 

The outlook for 2023 is bleak.

For Microsoft to focus resources so intensively on this specific topic is a signal in itself. The critical infrastructure security problem is already huge, and growing fast. Here are two of the most eye-popping stats Microsoft published in the report, and what they mean for critical infrastructure operators.

Stat 1: “78% increase in disclosures of high-severity vulnerabilities from 2020 to 2022 in industrial control equipment”

High-severity vulnerabilities in industrial devices are being disclosed at an accelerating pace. That means more ways for cyberattackers to access and exploit the most sensitive assets. In the past, the risk of exploitation could be mitigated by severely limiting the connectivity of these devices. They might be connected to a local network and managed by on-site staff, but the local site was completely “air-gapped,” so attackers had no way in from the public internet. This allowed critical infrastructure operators to achieve incredible uptime and productivity without worrying too much about updating the operating systems and software on their devices. But ever since the 2021 Colonial Pipeline attack, it has become clear that attackers can easily threaten operational technology by first attacking the internet-facing IT infrastructure, then seeking a path to infiltrate OT systems and the organization’s critical infrastructure.

The Takeaway

Critical infrastructure operators have a tough pill to swallow. Operational technology that could formerly be allowed to keep running older, more vulnerable software must now either be updated, or secured using new cybersecurity mesh technologies that allow remote access and connectivity while still providing layered security to stop increasingly sophisticated attackers.

Stat 2: “Seventy two percent of software exploits utilized by ‘Incontroller,’ what the Cybersecurity and Infrastructure Security Agency (CISA) describes as a novel set of state-sponsored, industrial control system (ICS) oriented cyberattack tools, are now available online.”

This is a common pattern: sophisticated attackers develop tools that then become available online and are picked up by an increasing number of less sophisticated attackers. While advanced, nation-state affiliated adversaries may use these tools for more politically oriented ends, the same tools will inevitably be used for pure financial extortion. Critical infrastructure makes an appealing target for attackers from either camp.

The Takeaway

Time is against you. When the tools required for sophisticated attacks on critical infrastructure were only available to a few sophisticated actors, you might be forgiven for thinking you had a little while before your organization was in the crosshairs. Now that exploits specifically targeting industrial control systems are widely available online, every critical infrastructure organization that hasn’t modernized its security and operations is at risk.

Zero Trust-based Cyber Hardening is the Way Forward

After revealing these discouraging stats about the state of cybersecurity for critical infrastructure, Microsoft’s Cyber Signals report provided a series of recommendations leaning heavily on a Zero Trust methodology for achieving unified security across IT, OT, and cloud. You can read Microsoft’s full 2022 Cyber Signals report here.

While the challenge of securing operational technology without replacing or updating it, and without causing costly downtime, is daunting, there is a way forward! With the cybersecurity mesh approach provided by Xage Fabric, it becomes possible to meet the zero trust security requirements for critical infrastructure laid out by organizations like TSA and CISA without having to rip and replace existing operational technology.

To learn more about the Xage Fabric, and how it enables identity-based access management & asset protection, privileged access management, and zero trust remote access to critical infrastructure, click here.