The Wall Street Journal’s recent article on China-linked cyberattacks targeting U.S. internet providers highlights yet another example of how critical infrastructure remains at significant risk from sophisticated cyber adversaries. The revelations about "Salt Typhoon," an alleged state-sponsored group, continue to build on the growing body of evidence that cyber threats targeting essential services are not a future concern—they are here and happening now.
These specific attacks also demonstrate a significant shift in the playbook of state-sponsored cyber threats, where targeting internet service providers isn’t solely about data theft but instead includes undermining the very infrastructure that enables digital communication and commerce. These attacks are a wake-up call for governments and businesses alike to reexamine how resilient their ICS/OT defenses are. As the lines between cyber and physical security blur, the risk isn’t just about downtime or lost data, but about potential nationwide disruptions.
A recent SANS blog outlines five key takeaways from industry experts on ICS security, which are more relevant than ever:
- The business impact of ICS breaches is not limited to physical damage.
- Securing ICS requires a different approach than traditional IT.
- Insider threats and misconfigurations are just as dangerous as external attacks.
- Collaboration between IT and OT teams is critical.
- Continuous monitoring and response capabilities are non-negotiable.
At SANS, we’ve been working to bring attention to the vulnerabilities in operational technology (OT) and industrial control systems (ICS). Our recent launch of the ICS/OT Strategy Guide: ICS Is the Business and the accompanying The Business Risks of Ignoring ICS Security webcast and blog specifically emphasized these very points: the growing importance of securing critical infrastructure from threats like those outlined. Whether it’s water utilities, energy grids, or public services, the reality is that these systems are under constant attack.
Why ICS and OT Security is a National Priority
SANS has partnered with both private and public sectors, offering extensive training and resources to improve the resilience of vital services. Our work with utilities, from water to power, is critical, especially in light of incidents like those we’ve seen in Ukraine and now here in the U.S.
Looking Ahead: What Organizations Can Do
While the WSJ report is not necessarily breaking news for those in the security community, it adds to the growing narrative that these threats are very real. The Salt Typhoon attack is just one in a long list of incidents that underline how crucial it is to take proactive security measures.
For those looking for immediate, practical advice, I encourage you to explore our Strategy Guide, attend our upcoming SANS 2024 ICS/OT Survey: The State of ICS/OT Cybersecurity webcast, and implement the Secure-by-Design Framework we’ve laid out. It’s not just about being aware of the threats—it’s about taking action now to secure critical infrastructure before it’s too late.