Why Attacks on Critical Infrastructure Are Dangerous

Critical Infrastructure (CI) comprises physical and cyber assets vital for the smooth functioning of societies and nations across the globe. The sectors that make up critical infrastructure differ from one country to another. For example, the USA considers 16 sectors to be vital as opposed to 13 in the UK. The disruption or damage of CI can have severe direct and indirect effects.

So far, the perpetrators of attacks on critical infrastructure have been cybercriminals seeking crypto payouts. But what happens if a threat actor has plans beyond a quick payday? What if an attack is meant to create chaos by taking out critical infrastructure to harm a region or country?

Attacks on CI could eventually devastate the livelihoods of millions of people and even bankrupt companies. Experts listed cyberattacks on CI as a top concern in 2020, and this trend is expected to persist into and beyond 2021.[1] In the interest of national and global security, CI facilities must take proper measures to prevent threat actors from accessing their networks.

Attacks Are Widespread

Attacks on CI are an increasingly common topic on news channels as highly publicized cases, such as the ones mentioned below, rattle businesses and communities. It’s a scary situation, and it emphasizes how prepared you should be.

  1. Colonial Pipeline
    In May 2021, the mammoth pipeline system for refined oil in the U.S. — Colonial Pipeline — was hit by a cyberattack that stemmed from a single compromised credential. The result? Colonial Pipeline’s gasoline distribution to the East Coast was shut down for nearly a week.
  2. JBS SA
    The largest meat processing company in the world, JBS SA, fell victim to a cyberattack a few weeks after the Colonial Pipeline breach. The attack forced the company to halt production at its U.S. beef plants while operations in Australia and Canada were also hit.
  3. The Health Service Executive (HSE) Hack
    The HSE (Ireland) had to temporarily shut down its IT systems following a cyberattack. What makes this CI attack so disturbing is that it happened during the pandemic when health systems were buckling.

Other well-known cases include the attacks on NSW’s State Transit Authority (Australia), Israel’s Water Authority, and Air India.

Know the Threat Actors

To avoid the unpleasant experience of a CI attack, guard against these major threats:

  • Phishing
    Experts have estimated that an alarming 75% of organizations in the U.S. experienced a phishing attack in 2020.[2] Phishing through email occurs when malicious actors masquerading as genuine senders lure users into sharing credentials and sensitive information.
  • Unpatched vulnerabilities
    Unpatched vulnerabilities are known bugs left unfixed, which cybercriminals can exploit to run malicious code. In 2020, about half of CI operators reported unpatched vulnerabilities as the cause of cyberattacks.[3]
  • Distributed Denial of Service (DDoS)
    A DDoS attack overwhelms your network or server with traffic, disrupting the service. A recent study reported over 2.9 million DDoS attacks in the first quarter of 2021. Compared to 2020, that is an increase of over 30%.[4]
  • SQL injection
    SQL injection is an attack vector in which malicious SQL code is injected through a vulnerable application input; it can even destroy databases. Over 30% of CI operators reported SQL injection as the cause of a breach.[3]
  • Cross-site scripting
    Also known as XSS, cross-site scripting is a method of executing malicious scripts on a legitimate website. Almost 20% of CI operators reported falling victim to this attack vector.[3]

How to Tackle These Attacks

Secure Remote Access
Remote access, if not secured, could provide a freeway for cybercriminals. Therefore, it’s vital to have network firewalls, endpoint protection, good password hygiene, etc.

Create Asset Inventory
You can’t protect what you don’t know needs protection. That’s why it’s essential to have an asset inventory. With an updated inventory of all your network assets, you can implement strategies to ramp up security.

Identify and Patch Vulnerabilities
Many Operational Technology (OT) and IoT devices that operate within industrial networks aren’t secure enough to be part of a critical infrastructure environment. By deploying tools to identify system vulnerabilities, it’s possible to find risky devices, sort them based on their level of risk and then recommend firmware updates.
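
The inventory and patching steps above can be combined into one triage pass. The sketch below is an added example, not code from ITNS Consulting or any product: the device names, firmware versions, `fixed_in` values and scoring weights are all constructed assumptions. It ranks devices by risk and recommends a firmware update where the installed version is older than the fixed one.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    kind: str               # "OT" or "IoT"
    firmware: str           # installed firmware version, dotted numeric
    fixed_in: str           # first version with known flaws patched (constructed)
    internet_exposed: bool
    criticality: int        # 1 (low) to 5 (process-critical), set by the operator

# Constructed sample inventory; every name, version and rating is illustrative.
INVENTORY = [
    Asset("badge-reader-3", "IoT", "3.2.1", "3.2.0", True, 1),
    Asset("hmi-panel-2", "OT", "4.1.0", "4.1.0", False, 4),
    Asset("ip-camera-7", "IoT", "1.0.2", "1.3.0", True, 2),
    Asset("plc-line-1", "OT", "2.9.3", "2.10.0", False, 5),
]

def parse_version(version):
    # Compare versions numerically: as plain strings "2.9.3" sorts after
    # "2.10.0", which would hide the outdated PLC firmware.
    return tuple(int(part) for part in version.split("."))

def needs_update(asset):
    return parse_version(asset.firmware) < parse_version(asset.fixed_in)

def risk_score(asset):
    # Assumed weighting: criticality, +3 if known-vulnerable firmware,
    # +2 if reachable from the internet.
    score = asset.criticality
    if needs_update(asset):
        score += 3
    if asset.internet_exposed:
        score += 2
    return score

def triage(inventory):
    """Return (name, score, recommendation) tuples, highest risk first."""
    ranked = sorted(inventory, key=lambda a: (-risk_score(a), a.name))
    return [
        (a.name, risk_score(a),
         f"update firmware {a.firmware} -> {a.fixed_in}" if needs_update(a)
         else "firmware current")
        for a in ranked
    ]

if __name__ == "__main__":
    for name, score, action in triage(INVENTORY):
        print(f"{score:>2}  {name:<15} {action}")
```

In practice the `fixed_in` column would come from vendor advisories, and the weights should reflect your own process risk rather than the values assumed here.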

Detect Anomalies
Automated detection solutions backed by artificial intelligence can easily track anomalies and other minor suspicious changes within the network.

Combine OT and IT Networks
Security risks of connected industrial control systems fall when OT and IT networks are managed together as part of a unified operational platform.

Managing all these single-handedly may seem like a tedious process, but ITNS Consulting can take all the hassle away and help you ramp up your business’ security posture. Contact us to learn more about protecting your CI, or download our free infographic to learn more about this topic here.


  1. 2020 Global Risks Report, WEF
  2. Statista
  3. Cipsec.eu
  4. DarkReading
