<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

Critical Infrastructure Companies Face Immense Cyber Risk


Imagine the U.S. lost all power; transportation systems have failed; businesses have been forced to shut down, and millions of people are in a panic. No one would be able to deny the importance of critical infrastructure. Cyberattacks of late are allowing us to imagine, for better or for worse, that incidents like these, but typically at a smaller scale, are more possible than ever. The growing threat of advanced cyberattacks on critical infrastructure and industrial control systems indicates a serious challenge for organizations.

There are many critical infrastructure sectors in the U.S. from energy to transportation to health, and “their incapacitation or destruction would have a debilitating effect on national economic security, national public health and safety, etc. Cybersecurity threats impact companies, reputations as well as the ability to innovate. Therefore, the protection of all sectors is critical, and now is the time to take action.

Many of the cyber defenses used by organizations and operators to avoid attacks are outdated and ineffective, however, as hackers always seem to be one step ahead. Also, visibility within cyber teams is lacking and human error is difficult to keep track of, leaving vulnerable spots for hackers to enter.


Energy and utility organizations worldwide are focusing on cybersecurity attacks, and because without a stable energy supply the economy cannot function, the sector is a priority target for cyber terrorists.

In 2012, Saudi Aramco, a Saudi Arabian oil company, was hacked, and hackers replaced data on hard drives with an image of a burning U.S. flag. It prompted the then Secretary of Defense Leon Panetta to label the incident as a significant escalation of the cyber threat.

Between 2010-2014 hackers had stolen source code and blueprints to the U.S. oil, water pipelines, and power grid, and had infiltrated the Energy Department's networks on 150 occasions. In 2015, a cyber attack on Ukraine’s power grid left 700,000 people without electricity for several hours just days before Christmas. Strikingly, the hackers behind this incident have attempted few attack against the U.S. energy sector.

Transportation & Logistics

The transportation industry is of utmost importance when it comes to prioritizing cyber program management. According to Security Trends in the Transportation Industry (published by IBM in 2016), cybercriminals are targeting all the systems used in this industry, including navigation, tracking, positioning, and communication systems. Those who facilitate our daily use of trains, planes, ships, and automobiles are under constant attacks.

In 2014, the Chinese national train reservation system was targeted by hackers who stole customers’ personal data. In 2015, the Polish national airline, LOT, had to cancel 10 flights due to a cyber attack against the airline’s computer system at a local airport.

Earlier this year A.P. Moller-Maersk, a Danish business conglomerate with activities in transport and logistics, fell under a cyber attack. Hackers managed to damage Maersk’s computer system, and it led to disruption in transport across the globe, including delays at the Port of New York and the Port of Los Angeles.

These examples prove that without a complete security system, cybercriminals could destroy the infrastructure that critical infrastructure industries have worked so hard to build. Over the past few years, industries have begun the process of turning paper processes digital and using advanced analytics in order to meet needs, and more technology evolution leads to more doors for a cyber terrorist to enter. 

As a stakeholder in a critical infrastructure organization, where do I start?

It is important for industries to assess their cybersecurity risks and to protect themselves. An optimal way to start is to adopt a cybersecurity framework.

NIST developed the Cybersecurity Framework (CSF) to enhance the security and resilience of the nation’s critical infrastructure, and is considered the fullest set of best practices for any business's cyber program. The voluntary risk-based framework compiles a set of controls to help organizations manage cybersecurity risks. As a matter of fact, all government agencies are required to use this framework for protection purposes. It creates a common language for all the stakeholders to address and manage risks.

As of 2015, 30% of U.S. organizations were using the NIST CSF, and use is predicted to rise to 50% by 2020. Only when more and more companies get on board with this framework, we can better prepare for cyber attacks. Don’t wait until the attack hits for your business's wake up call. Realizing the significance of how a framework can exponentially increase your resilience can help you immensely as you work to make your cybersecurity program more robust.

Learn How CyberStrong Streamlines the NIST Cybersecurity Framework Adoption

You may also like

Compliance and Regulations for ...
on January 9, 2023

Compliance for many cybersecurity programs has been the cornerstone and the catalyst for why many programs exist in the first place. Since the rise of the information technology ...

Cyber Risk Quantification: Metrics ...
on January 6, 2023

Risk management is the new foundation for an information security program. Risk management, coupled with necessary compliance activities to support ongoing business operations, ...

Padraic O'Reilly
Cybersecurity Maturity Models You ...
on December 30, 2022

Cybercrime has forced businesses worldwide into paying billions of dollars yearly. As more of the population becomes dependent on technology, the fear of cyber attacks continues ...

Top 10 Risks in Cyber Security
on December 23, 2022

Increasing cyber security threats continue creating problems for companies and organizations, obliging them to defend their systems against cyber threats. According to research ...

Governance and Process Automation
on December 21, 2022

Any enterprise operating at scale understands the need for standardization and strong corporate governance. Having served Fortune 50 companies for decades, I have seen the ...

Jerry Layden
Introducing Crosswalking Templates
on December 19, 2022

Crosswalking can be a handy tool to view control performance for a single asset/system against multiple frameworks. One can complete an assessment using one framework by ...