The physical infrastructure that manufacturing businesses need to operate and the local Government infrastructure that keeps the modern world functioning are firmly in the sights of cyberattackers. Currently, there are 16 infrastructure areas designated as critical by the Federal Government.
It is standard practice to have the control systems for physical infrastructure online and linked to IT systems to allow for remote control and monitoring. These control systems get grouped under the banner of operational technology (OT), which includes Industrial Control Systems (ICS), Programmable Logic Controllers (PCS), Supervisory Control & Data Acquisition (SCADA) systems, and Distributed Control Systems (DCS).
Linking IT and OT systems is convenient, but it can open up new attack routes for cybercriminals, especially if there is a knowledge gap between IT teams who are not experts in OT and OT teams who do not have knowledge of current cybersecurity threats. Bridging the OT and IT divide to deliver infrastructure cybersecurity is often achieved by using an external managed security service provider (MSSP) who has the relevant skilled team.