Securing Critical Infrastructure From Nation-State Threats
The year 2025 must see investment in securing critical infrastructure from nation-state threats.
Cyberattacks by state-backed actors have become an increasingly critical issue as global tensions heighten. With these attacks frequently targeting critical national infrastructure (CNI), we spoke to Andrew Lintell, General Manager, EMEA, at Claroty, who believes more must be done to protect the vulnerable operational technology underpinning essential areas like energy, water and transport.
Q1: Why are state-sponsored cyber threats increasingly targeting OT environments? How severe is the threat?
Cyberattacks have become a standard part of the nation-state playbook. From attempts to steal military secrets to concerns about an all-out cyberwar, state-backed actors are a dominant factor in the global risk landscape.
The lion’s share of incidents is attributed to the so-called ‘Axis of Upheaval’, comprising China, Russia, Iran and North Korea, also known collectively as CRINK. Each nation has been identified in several attacks.
The most dangerous aspect of nation-state threats is their potential to disrupt critical national infrastructure (CNI). Targeting healthcare, energy supply chains and other essential assets is an effective way of weakening a rival nation, both instead of and alongside conventional warfare. The CRINK nations each have their own aims and distinctive tools and techniques but will typically target the same sectors. As a result, CNI providers must defend against a range of geopolitical threats.
Many CNI sectors are centred on cyber-physical systems heavily reliant on operational technology (OT). These environments are particularly vulnerable as many were never designed for digital threats, and outdated legacy systems are prevalent. Critical operations like healthcare and power generation must also deliver constant uptime, making it difficult to implement substantial security overhauls.
The rapid convergence of OT with traditional IT we’ve seen over the last few years has further expanded the attack surface, allowing threat actors to exploit weak links in integrated systems.
The stakes of an OT attack are especially high for critical infrastructure. A successful attack could cripple supply chains, endanger public safety, and disrupt entire economies.
Q2: What are some of the challenges in countering the escalating threat to OT environments?
One of the most significant issues in OT security is the divide between operational technology and traditional IT systems. Since OT typically isn’t compatible with standard cybersecurity solutions traditionally tailored to IT environments, achieving a uniform view of both environments is challenging. This inevitably leads to blind spots in monitoring capabilities and gaps in security processes that threat actors can find and exploit.
Investments in OT-specific tools such as network segmentation and threat detection systems are essential. These solutions help mitigate risks unique to OT environments that are often comprised of multiple assets working on their own proprietary operating systems.
These investments should focus on the most pressing cyber risks facing OT operators. For example, the growing challenge around managing third-party risk means secure access tools and network segmentation are likely a high priority.
Bridging the gap between IT and OT presents some organisational challenges as well as technical demands. It’s important to recognise that traditional IT-centric security strategies are inadequate for addressing OT-specific vulnerabilities, and existing IT processes cannot simply be copied over.
Forming a joint IT-OT security task force that reports to the board is a good way to delve into this issue, giving stakeholders and decision-makers a chance to share their expertise and priorities.
Q3: How can organisations overcome cultural and operational divides between IT and OT teams?
Alongside technology and processes, the cultural and operational divide between IT and OT teams can be a stumbling block for organisations trying to secure their critical infrastructure.
Historically, IT teams have focused on data confidentiality, integrity, and availability, while OT teams prioritise safety, uptime, and operational efficiency. These differing priorities can lead to conflicts, especially when cybersecurity measures are perceived to interfere with production processes. For example, a policy of rapid vulnerability patching could cause issues if it risks disrupting critical industrial systems.
Education also plays a key role. IT and security practitioners often lack expertise in OT systems, while OT staff may likewise lack cybersecurity training. Providing tailored training programmes for OT personnel will improve their ability to identify threats and deal with tactics like phishing.
Leadership plays a key role in overcoming this gap. CISOs must engage OT stakeholders early, fostering trust and mutual understanding. A joint task force and other cross-functional teams that combine IT and OT expertise can also help. These teams should collaborate on risk assessments, incident response, and shared security protocols.
Q4: What roles do CISOs play in driving IT-OT convergence? What strategies can they adopt to lead effectively?
CISOs are pivotal in ensuring IT-OT convergence strengthens security rather than creating new vulnerabilities. They must create cohesive strategies that address risks across both domains.
Effective CISOs draw on IT best practices, such as automated monitoring and risk management, while respecting OT’s operational constraints. Supply chain security is an especially pressing concern in OT environments due to their reliance on third-party vendors and legacy systems.
CISOs will need to understand how the unique set of OT challenges intersects with other IT security demands, working out how to unite them as a cohesive whole.
The CISO is a critical conduit for helping IT and OT teams communicate, while overseeing activity on both sides.
As with standard IT security, they also have a key role in translating technical risks into business terms to secure executive and board-level buy-in. Framing cybersecurity as essential for operational continuity, rather than as a cost, can unlock resources and support.
Q5: How should companies prioritise their cybersecurity budgets to address the evolving threat landscape?
With OT assets increasingly being targeted by nation-state actors and other threat groups, organisations must recalibrate cybersecurity budgets to address the unique vulnerabilities of these systems.
OT breaches can go beyond the already severe financial and reputational consequences of a security breach, causing potentially catastrophic infrastructure failures.
To mitigate these risks, companies should allocate dedicated budgets for OT-specific tools like intrusion detection and endpoint protection systems rather than attempting to make do with existing IT cyber tools.
Compliance with frameworks like NIS2 is another key driver. Meeting regulatory standards not only avoids penalties but also aligns security with broader operational goals. Organisations should view compliance as an opportunity to strengthen defences rather than a tick-box exercise or a burden.
Further, prioritising OT-focused investments can also help organisations gain a competitive edge in an increasingly security-conscious market. Proactive investments demonstrate commitment to stakeholders, including regulators and investors.
This framing can help to elevate security investment to a positive, business-wide initiative rather than a reactive spend in response to threats and regulatory demands.
Andrew Lintell is General Manager EMEA at Claroty