Traditional Cybersecurity is no Longer Enough to Protect Critical Infrastructure Networks – By George Kamis (Nextgov) / Aug 19, 2022
The previous gold standard of air gapping digital and physical systems isn’t feasible.
When it comes to protecting the availability and security of critical infrastructure, the gold standard in cybersecurity has long been air gapping: a hard physical break between information technology and operational technology systems.
In today’s environment, this approach is no longer sufficient—nor is it even feasible. IT and OT are too closely interwoven, and organizations rely on direct connectivity between the two. As such, an incursion into one inevitably will impact the other.
That was evident with last year’s Colonial Gas Pipeline hack, where bad actors infiltrated one system and successfully moved onto the rest of the IT network with ransomware. It was one of the more prominent reminders that hackers have critical infrastructure squarely in their sights, and the situation is escalating—even though their OT networks were not initially compromised.
