The number of identified criminal gangs targeting Critical National Infrastructure had, by the end of 2020, increased to 15 – from just 5 in 2018. These gangs target Industrial Control Systems (ICS) and Operations Technology (OT) in the electric energy sector (including wind farms, and their supply and maintenance chains) as well as manufacturing, transportation, petro-chemicals and utilities.
Sustained criminal investment over 5 – 10 years in reconnaissance and infiltration of CNI means that these gangs, using phishing as an attack vector of choice, are increasingly able to extract returns on their investment, primarily through extortion.
The Dragos report (Year in Review | Dragos) makes useful recommendations about steps that CNI organisations should take to improve their defences – including radical improvements in visibility as well as structured defence in depth.