Giving security a bigger seat at the critical infrastructure table

Critical infrastructure - pylons against red sky

Share this content

Facebook
Twitter
LinkedIn

Steve Sinclair, Director, Utilities Vertical Market, Convergint examines how to safeguard critical infrastructure in 2025.

The critical infrastructure landscape

If recent years have shown the security industry anything, it’s that both physical and cyber-threats are becoming increasingly intertwined and challenging to detect, predict and remediate – especially when it comes to protecting our nation’s critical infrastructure.

Recent data corroborates this – according to Cybersecurity Dive, of the 2,825 ransomware attacks reported to the FBI throughout 2023, 1,193 directly affected critical infrastructure organizations.

What’s more, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Federal Bureau of Investigation (FBI) issued a warning earlier this year regarding the increasing danger of state-sponsored attacks from the People’s Republic of China (PRC) – in which “cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyber-attacks against US critical infrastructure in the event of a major crisis or conflict with the United States.”

In recent years, we’ve also seen an increase in physical attacks to utilities facilities in the US, with attackers targeting multiple substations in North Carolina, Washington state and more – cutting off power to thousands in some cases.

With these rising physical threats to US power grids, substations, water plants, natural gas facilities and more, security leaders and government agencies alike are challenged with how to best protect critical infrastructure (widely encompassing everything from energy, water and communications to our healthcare, education and financial systems) – from both physical and cyber threats.

In 2025, security professionals and integrators in this sector will be increasingly focused on upgrading legacy security systems to mitigate cyber-threat risks, designing highly market-specific systems that can protect against advanced attacks – and positioning security to enhance situational awareness and as a key driver of business operations as these threats take center stage.

Looking ahead

In coming year, the following trends will drive security innovation, strategy and design in the critical infrastructure market:

Continuing convergence of physical and cyber solutions – leveraging emerging technology: Implementing security systems is no longer a practice of designing and installing separate, fragmented cyber and physical solutions.

As critical infrastructure facilities continue to experience rapidly evolving physical and cybersecurity threats – security systems must focus on upgrading legacy security devices (surveillance, access control, mass communications, building management and more), to be more cybersecure.

In the year ahead, integrators and security leaders will increasingly focus on converging cyber and physical security systems, to build a fully-integrated, easily manageable and cloud-based environment.

Emerging technologies like AI, machine learning (ML) and cloud-based systems will continue to become more widely adopted within critical infrastructure to manage the sprawling threat environment – with the power to provide real-time data insights, identify risks and unusual behavior patterns, and predict potential attacks across the entire device environment.

Offering predictive, rather than incident-reactive, security analytics capabilities, AI and ML will have increasing value to enterprises in the years to come.

These technologies can provide better insights into proper security budget allocation, in relation to areas of critical risk and attention.

Although government agencies have recently faced compliance roadblocks to implementation regarding these technologies, we’ll continue to see steadily increasing adoption across agencies in the year(s) ahead, as these tools become more advanced in their compliance, security and detection abilities – acting as a force multiplier to enhance security monitoring staff capabilities that were previously constrained by resource and training dependencies.

Increasing verticalization, to meet specific industry needs: With legacy security systems, facilities may have relied on a ‘set and forget’ ecosystem of devices – failing to look beyond basic security measures like access control, video systems and communications (which are still critical, but are now table stakes).

In the critical infrastructure sector specifically, we’ll continue to see increased verticalization of the devices that are recommended and installed – to manage this market’s very unique security needs.

For example, devices that are used to monitor and manage threats in the financial vertical (electronic barriers, customer-centric designs), are not necessarily critical within the utilities sector and vice versa.

In critical infrastructure facilities, hyper-verticalization will continue to develop in 2025 – leveraging emerging technologies like robotics, drone and advanced thermal imaging systems to conduct line inspections, evaluate water outfalls, provide detailed imagery and insights on maintenance needs, and more.

Shifting security’s role from cost center to key business driver: With threats becoming more damaging and pervasive to utilities, security needs to have a bigger seat at the table when it comes to driving strategy and business operations.

Business leaders and agencies can no longer ignore the imminent danger that cyber and physical threats pose to power stations and facilities and must prioritize proactive security optimization and comprehensive digital transformation as key drivers of success.

Beyond just securing facilities with the right technologies – business leaders must understand the underlying need for security systems and why potential threats will affect the entire enterprise (and in the case of critical infrastructure, the public’s safety and access to resources).

In 2025, this will involve giving security and IT teams a bigger share of voice when it comes to business strategy – to not only secure facilities, but drive positive outcomes and complete operational efficiency across the entire business/agency.

The foundation of society

There’s no doubt that cyber and physical security threats are becoming more advanced by the day, especially in the critical infrastructure and utilities market, where bad actors and adversaries look for ways to damage, exploit and interrupt key power grid, energy, chemical (and more) systems.

This threat is now crucial for business leaders and government agencies to pay close attention to – these attacks do not just interrupt business operations and cause reputational damage but threaten the well-being and safety of civilians.

In 2025, security leaders and integrators in the critical infrastructure sector will increasingly adopt and advocate for more digitally transformed, AI-driven, vertical-specific solutions – that not only streamline cyber and physical security, but also drive more widespread digital transformation and business outcomes.

In the year ahead, security will continue to earn its spot in the C-Suite – as leaders in this industry look to get ahead of mounting threats with the most advanced, automated systems possible.

About the author

With over 18 years of experience in the physical security sector, Steven is a Director at Convergint Technologies, leading the strategy, operations and business development for the utility vertical market.

He is passionate about delivering innovative and creative solutions that address the security challenges and regulatory compliance needs of the utility industry – across physical security design and assessment, vulnerability analysis, critical infrastructure protection, perimeter intrusion detection and security technology integration.

This article was originally published in the December edition of Security Journal Americas. To read your FREE digital edition, click here.

Newsletter
Receive the latest breaking news straight to your inbox