From rising temperatures to more extended periods of drought, climate change is impacting many communities around the globe. The good news is that in response, the public and private sectors continue to introduce initiatives with a common goal: to help reduce our collective carbon footprint. Energy trends such as smart grids, smart homes with smart thermostats and smart appliances, solar roofs coupled with a storage battery, microgrids, and electric vehicles all play a vital role in ensuring a clean energy future.
Efforts to reduce greenhouse gas emissions are having major impacts on critical infrastructure—such as our electric grids, natural gas and oil pipelines, and even our transportation networks. To support the country’s growing use of renewable energy and other clean energy sources, electric utilities will need to implement private, secure communications networks that are foundational to the workings of a modern electric grid. Such advanced networks are required to process and send large volumes of data in real time to integrate various sources of distributed energy resources into the modern grid. As a result, critical infrastructure providers must implement security programs that adequately protect the IT and operational technology (OT) components that power our nation’s essential services.
In 2021, renewable energy generated about 20% of the electricity consumed in the United States, and that figure continues to grow. Some individual states are setting even more aggressive targets regarding renewable energy. One example is California, where the state legislature recently set a goal for achieving 90% clean electricity by 2035. To support these initiatives, data networks will increasingly play a critical role.
Advanced networking capabilities are foundational to a modern power grid. These networks must seamlessly support the IT and OT components that enable these grids to receive and transfer electricity from various sources in real time, such as solar roofs, utility scale solar farms, wind farms, hydro power plants, and even energy imported from a neighboring region. Smart grid networks also need to power ongoing, two-way communication and support the automated processes that are used to monitor electricity usage and system health at multiple physical locations. This is why the FCC licensed Spectrum for private advanced wireless systems for the use of critical infrastructure providers like energy utilities. Both fiber and wireless advanced networks are foundational to the operations of our modern utility systems.
Unfortunately, the nation’s critical infrastructures are desirable targets for sophisticated hackers, both foreign and domestic. If cybercriminals breach critical infrastructure sectors, such as the electric grid or an oil pipeline, the consequences can be devastating to its populace and widespread in impact. Not only are breaches disruptive to operations, harmful to an industry’s reputation, and potentially expensive to remediate, but they also pose severe threats to our global economies and communities. When critical infrastructure is down, vital services like electricity and natural gas are disrupted. Our fragile senior citizens and those dependent on medical devices that require electricity may be endangered. Business, education, and healthcare are disrupted.
A single password can help hackers access the keys to the kingdom. According to the Verizon 2022 Data Breach Investigations Report, stolen credentials lead to 50% of attacks. Often, basic cyber-hygiene principles—such as educating employees about what constitutes a strong password or enabling multi-factor authentication (MFA) across an enterprise—fall to the bottom of already-overburdened security teams’ task lists, leaving organizations at risk of an embarrassing attack.
Deploying effective cybersecurity solutions is fundamental to protecting critical infrastructure. Yet this presents an ongoing challenge for some organizations, particularly as OT networks are modernized. As OT and IT networks converge, the “air gap” that OT systems once relied on for maintaining strong security no longer exists. Without cybersecurity measures in place, these critical infrastructures are left vulnerable. The consequences of damaged power grids may be far-reaching, like leaving entire service areas in the dark for extended periods, or causing cascading power outages across a large region of the nation.
One of the most essential steps critical infrastructure organizations can take is implementing a zero-trust approach to cybersecurity. This network security philosophy provides that no one inside or outside the network should be trusted unless their identification is verified. However, there is still work to be done among the critical infrastructure sectors when it comes to embracing zero trust. According to IBM’s most recent Cost of a Data Breach report: “Almost 80% of critical infrastructure organizations studied don't adopt zero-trust strategies, seeing average breach costs rise to $5.4 million—a $1.17 million increase compared to those that do.”
Another crucial way to protect critical infrastructure operations is recognizing the risks that may threaten an organization’s integrity, which are not limited to cyberthreats. For example, an organization's operations could be impacted because of failed equipment, human error, or natural disasters, such as wildfires, floods, or hurricanes. Physical security measures are important as well, such as ensuring surveillance cameras are installed and monitored in restricted areas. Critical infrastructure organizations must consider these factors as they adopt a holistic risk management strategy.
Securing critical infrastructure is vital to ensuring everyone has access to essential utility services. It is also crucial in protecting other high-value industries from cyberattacks, such as the chemical, communications, emergency services, healthcare, information technology, and transportation sectors.
I am proud that Fortinet is an organization that is relied upon by many critical infrastructure providers to design a secure networking solution that is effective and efficient, ensuring that IT and OT environments are compliant and protected. As hackers daily launch new cyberattacks, critical infrastructure organizations must stay one step ahead by prioritizing strong security and safeguarding their networks that are so vital to our society.
Learn about our Public Sector Advisory Council (PSAC) members and how they’re helping Fortinet further guide public sector organizations through their evolving security challenges.