
VeroGuard

Systems

Cyber Threats to Critical Infrastructure: A Global Wake-Up Call

  • Oct 28

After hackers linked to China reportedly gained access to the IT networks of hundreds of small and medium-sized water and power utilities in the U.S., alarm bells are ringing for utilities and critical infrastructure (CI) operations across the world. In an attack that some observers suggest is pre-positioning for sabotage of water and power supplies should the U.S. look to intervene in any potential conflict with Taiwan, China has demonstrated the inherent weaknesses in operational technology (OT) systems that many have been calling out for the last decade.

Security team observing OT technology

The Ongoing Volt Typhoon Case

This type of threat is something that CISA (the U.S. Government’s Cybersecurity and Infrastructure Security Agency) first warned about over two years ago, after tactics, techniques, and procedures (TTPs) linked to the Chinese hacking group ‘Volt Typhoon’ were discovered affecting networks across U.S. critical infrastructure, which led to the warning being issued to CI operators of the potential threat.


The Real-World Impact of Infrastructure Attacks

The consequences of a successful attack on CI can be severe – for example, a hospital without water supply would be forced to evacuate within hours. A shutdown in electricity generation could affect entire cities, bring transport to a halt and disrupt manufacturing facilities. Even when not directly targeting CI, cyberattacks can have far-reaching effects. We don’t need to look far to see how far a single intrusion can reach when industrial systems are subjected to a cyberattack. The recent Jaguar Land Rover (JLR) hack forced the complete shutdown of production lines globally and reportedly affected over 5,000 related organisations. This incident is being described as the most expensive cyberattack ever in the UK, with estimated economic losses of £1.9 billion (US$2.55 billion) and JLR losing £50 million per week from the shutdown.


Costs to business are one measure, but the cost to society could be far greater given the potential turmoil a successful attack on a city’s infrastructure could generate. It is no surprise, then, that government cyber agencies would issue directives such as CISA 23-02, which required all US Gov Agencies to immediately implement controls to block access to web interfaces on appliances. While important, these seemingly small changes have wide-ranging impacts on operational actions and the costs of running utility companies.


Persistent Vulnerabilities in Utility Networks

According to Dark Reading’s review of attacks on US water utility companies, there remain significant issues with network and system security, such as:

  1. Inadequate identity and access controls for devices and users.

  2. Poor segmentation of IT/OT networks.

  3. Legacy OT equipment, often with weak authentication (some reportedly still using default credentials) and remote connectivity.

  4. Under-resourced utilities: little staffing, small budgets, less mature cyber practices.

  5. Insufficient monitoring and incident detection in OT/ICS domains.

  6. Default credentials / insecure configurations of ICS/SCADA devices.


While PLC vendors are increasingly building security features into their devices, the vast majority of operations don't typically run this next-generation gear.


Strategic Priorities for CI Operators

To mitigate risk, CI operators should prioritise:

  • Strong identity & device authentication across both IT and OT domains.

  • Network and device segmentation, especially isolating OT from general IT.

  • Reducing attack surfaces by disabling insecure remote access, default credentials, open ports.

  • Continuous monitoring for unusual activity or lateral movement within networks.

 

The Role of VeroGuard in Securing CI

The VeroGuard Platform offers a scalable and effective solution for protecting access to systems and technology assets.

Role of VeroGuard / VeroMod

  • Hardware-based identity for OT devices: VeroMod reduces the risk of rogue devices and lateral exploitation.

  • User identity verification: VeroCard ensures secure authentication for personnel.

  • Virtual air gap and segmentation: VeroMod allows OT devices to communicate only with authorised endpoints, maintaining isolation while enabling remote access.

  • Legacy infrastructure protection: Utilities can retrofit VeroMod onto existing OT systems, enhancing security without costly replacements.

  • Scalable for resource-constrained utilities: The platform reduces reliance on large in-house cyber teams, addressing the “target rich but cyber poor” challenge.

 

VeroGuard offers the next generation of platform that secures connected systems, machines and data. The VeroGuard Platform ELIMINATES credential and identity compromise on open networks to act as the foundation of any zero-trust deployment. With our ecosystem partners, VeroGuard’s modern end-to-end ICAM solution provides Next Generation MFA^ and advanced Attribute Based Access Control (ABAC) for powerful, granular access management to systems and assets.


Any critical infrastructure operator migrating to the Cloud, connecting OT and IT networks, wanting to exploit open networks for machine communications, or looking to secure their supply chain should assess the VeroGuard Platform.


^Next Generation MFA: Secure hardware-bound cryptographic authenticator (NIST AAL3) with identity verification. Phish-resistant, tamper-resistant, verifier impersonation-resistant, compromise-resistant.

 
