As the Holidays and the end of the year draw nearer, what will 2022 bring for the realm of technology? Many business leaders will also be asking what types of cybersecurity issues should they prepare for?
Casting his eye through the haze of web traffic for Digital Journal is Syed Belal, Director, Cybersecurity Consulting Services at Hexagon PPM.
Belal considers what he believes will be the key trends in this coming year for Operational Technology cybersecurity.
With more Operational Technology related attacks on the horizon, Belal, thinking from the U.S. perspective, sees the Biden Administration as playing a key role in the year to come.
Critical Infrastructure Attacks will Increase and at the Most Inopportune Times
According to Belal we need to ‘expect the unexpected’. As he explains: “Pipelines, meat producers, grain cooperatives, oh my! Hackers got hungry in 2021 and critical infrastructure seemed to be their main entree.”
Drawing on 2021 examples, Belal finds: “The Colonial Pipeline hack made everyday citizens aware of just how large of a real-world impact cyber-attacks can have. Attacks on JBS and New Cooperative demonstrated how critical resources that keep entire industries alive can go under if a single endpoint is vulnerable.”
While some measures have been taken, we can expect more of the same says Belal. “Despite government action such as the DOE’s 100-day Action Plan and TSA’s Pipeline Directive, it’s unrealistic to think that hackers are going to be scared out of attacking critical infrastructure in the future. I predict that entities large and small will be hit, specifically over major holidays when folks aren’t attending to their networks as closely as usual and recovery abilities are handicapped.”
A Legitimate OT Cybersecurity Regulation (Not a Standard) Will Be Passed in 2022
Turning to the legislative agenda, Belal predicts: “The Biden Administration’s efforts over the past 6 months to improve critical infrastructure and its security show immense promise. We’ve seen increased funding in the billions and general heightened awareness that the systems that quite literally keep our country running are extremely attractive to adversaries.”
The actions are not perfect, however, as Belal recounts: “One thing we haven’t seen? An actual regulation for critical infrastructure companies to improve their cybersecurity. Yes, we’ve seen standards…but those aren’t mandatory. It’s quite possible with the momentum we’re seeing now that the government could pass a regulation or two in 2022 for critical infrastructure security.”
Smaller Power Generation and Utilities will be Increasingly Targeted
One sector likely to be in the spotlight is utilities. Belal notes these “have long been targets for attackers, but what most don’t realize is how vulnerable smaller entities are. Yes, hackers are likely actively trying to shut down the entire power grid as we speak, but attacks on smaller targets are often more successful. Smaller, more regional players typically have less mature programs in place and lack the resources they need to have a strong security posture. In 2022, I predict we’ll see smaller entities in major headlines, potentially (yet, hopefully not) with some type of human cost, and possibly see state and local governments waking up to the reality that cybersecurity should be a top-of-mind topic in executive-level discussions.”