Gartner, Inc., the world leader in business research and advice, predicts that by 2025, approximately 30% of critical infrastructure organizations will face a security breach that will result in the disruption of a mission-critical or operations-critical cyberphysical system.
The security of critical infrastructure has become a primary concern for governments around the world, including the United States, United Kingdom, European Union, Canada and Australia, each of which identifies sectors it considers “critical infrastructure” – for example, communications, transport, energy, water, health and public facilities. In some countries, critical infrastructure is owned by the state, while in others, such as the United States, private industry owns and operates a much larger part of it.

“In many countries, governments are realizing that their critical national infrastructure has been an undeclared battleground for decades,” says Ruggero Contu, Director of Research at Gartner. “They are now taking steps to require more security controls for the systems that support these assets.”
A recent Gartner survey showed that 38% of respondents expected to increase their operational technology (OT) security spending by between 5% and 10% in 2021, with another 8% of respondents predicting an increase above 10%.
However, that may not be enough to make up for many years of low investment in this area, according to analysts at Gartner. “In addition to the need to update, there is a growing number of increasingly sophisticated threats,” says Contu. “Owners and operators of critical infrastructure are also struggling to prepare for the upcoming surge in oversight.”
Increasing risk requires taking a holistic security approach

Over time, the technologies that support critical infrastructure have become more digitized and connected – whether to corporate IT systems and/or to each other – creating security risks for physical and cyber systems. The result has been a substantial increase in attack options for hackers and criminals of all types.
In critical infrastructure industries, organizations need to be more concerned about real-world dangers to humans and the environment than about information theft. Gartner predicts that, by 2025, attackers will have weaponized a critical infrastructure cyberphysical system to harm or kill humans.
Gartner recommends that security and risk management leaders in critical infrastructure industries develop a holistic approach to security so that IT, OT, and Internet of Things (IoT) security are managed in a coordinated effort.
“Security and risk management leaders must accelerate efforts to discover, map, and assess the security posture of all cyberphysical systems in their environment,” says Contu. "We need to invest in threat intelligence and bring these industries together with groups that allow them to keep their operations informed about the best security practices of today and for the future, as well as how to respond to requests for contributions from government entities."