From the course: Operational Technology (OT) Cybersecurity Essentials: Defending Critical Infrastructure
Importance of OT security in critical infrastructure
- [Instructor] Every day, we rely on critical infrastructure, power grids, water treatment plants, transportation systems, to keep society running smoothly. But what happens when these systems are targeted by cyber attacks? In this video, we'll explore real-world incidents, their far-reaching impacts, and why protecting OT systems is more crucial than ever.

So what is critical infrastructure? Critical infrastructure refers to the physical and cyber systems and their assets that are vital to the functioning of our society and economy. According to the US Department of Homeland Security or DHS, it includes sectors like energy, water, transportation, healthcare, and more. These sectors are so essential that their disruption would have a negative effect on national security, economic stability, public health, or safety.

Some of the cyber disruptions to the critical infrastructure could include a disruption to an electrical power grid, which could plunge communities into darkness and halt critical services for hospital organizations. It could also include a breach to critical water systems, which could result in public health on a massive scale, and it can also result in an attack on a transportation system, which could cause delays and financial losses.

As defined by the National Institute of Standards and Technology, or NIST, critical infrastructure systems are vital, not only because of their operational significance, but also because of their interconnectedness. The failure of one system often can trigger cascading effects across other sectors. Disruptions to critical infrastructure aren't just inconvenient, they can have catastrophic consequences, including threats to physical safety, severe economic losses, and risk to national security. This is why protecting these systems, particularly their operational technology components, is more important than ever.

Let's highlight some high-profile incidents to understand these historical events. I won't go into much detail here because we have a whole section about these, but let's get into an overview of these incidents. Number one, let's talk about the Colonial Pipeline attack in 2021. This was a ransomware attack on one of the largest fuel pipelines in the US, which led to widespread fuel shortages across the East Coast. The incident highlighted vulnerabilities in critical infrastructure and caused mass panic at gas stations nationwide. The Ukrainian Power Grid Attack is another one that occurred in 2015. This was a sophisticated cyber attack, which disrupted power to over 230,000 people in Ukraine. Hackers infiltrated SCADA systems, which we'll discuss later in the course, highlighting how OT vulnerabilities can lead to widespread outages and geopolitical consequences. American Water Attack, which just occurred in October of 2024, where American Water is one of the largest regulated water utilities in the United States, they experienced a cyber attack that led to the disconnection of its systems to contain the incident.

As we've seen, each critical infrastructure sector faces unique OT security challenges that make protection imperative. Let's go more into some security risks within notable critical infrastructure sectors starting with the energy sector. Power grids rely on OT systems for generation and distribution. Attacks on these systems can cause blackouts, disrupt supply chain, and leave emergency services inoperable. Such risks underscore the need for real-time monitoring and secure communication protocols and energy networks. Let's discuss the water sector. OT systems and water facilities manage treatment processes, distribution, and management. Cyber attacks on these systems can lead to chemical overdoses, water contamination, or supply disruptions, directly impacting public health and safety. And finally, the manufacturing sector. Manufacturing plants depend on precise OT controls for productivity and worker safety. A breach could sabotage production schedules, compromise quality, or even cause physical harm through equipment malfunctions.

Now that we've laid this foundation, next, we'll dive deeper into specific devices and assets that make up OT environments. You might see these devices walking past your neighborhood electrical grid substations. Let's dig deeper into OT together.