Securing critical infrastructure for essential public services such as water, energy, electricity, healthcare, and food is a complex task. This is particularly true in organizations that operate in complex distributed environments. Indeed, strengthening critical infrastructure security is a key focus of the new U.S. National Cybersecurity Strategy, announced by the White House this past March. At the same time, stepped-up alerts from the Cybersecurity and Infrastructure Security Agency (CISA) highlight the need to improve the defense of national infrastructure against the ever-evolving ransomware threat environment. Now, more than ever, safeguarding infrastructure has become a primary focus of the critical cybersecurity defense agenda.
To protect such critical assets, organizations often implement closed networks, also known as isolated or air-gapped network environments, which are physically or logically isolated from external networks and the internet. This approach establishes a robust layer of protection, minimizing attack surfaces and shielding sensitive systems and assets from both insider and external threats. In closed network environments, implementing comprehensive security solutions becomes paramount. This includes measures such as:
- Non-disruptive, ongoing network monitoring and surveillance
- Network segmentation to isolate and protect critical systems, including their IT, OT, IoT, and IIoT devices
- Perimeter security with firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS)
- Network Access Control (NAC) for device-centric visibility and access control, and for mitigating insider threats from employees or contractors who hold authorized access to systems and are therefore able to abuse their privileges or unintentionally facilitate a breach
- Incident response plans and disaster recovery procedures
- Risk assessments and vulnerability management
- Patch management, especially for legacy devices
- Physical security measures to safeguard access to critical infrastructure facilities
- Collaboration with cybersecurity organizations and industry-specific entities for device platform and threat intelligence sharing and best practices
In distributed network environments, however, where critical infrastructure assets span multiple locations, additional security measures need to be considered. Here, organizations must deploy a combination of solutions tailored to both the distributed nature of their infrastructure and the closed network environment. This includes:
- Network observability and segmentation to protect and isolate assets across different locations
- Secure remote access solutions, following Zero Trust Network Access (ZTNA) principles and methods to achieve user-centric visibility and access control
By addressing the unique challenges presented by both closed and distributed network environments, organizations can effectively fortify their critical infrastructure. By combining the core components of Network Access Control (NAC) and Zero Trust Network Access (ZTNA) with ongoing vigilance and adaptability, you can ensure the integrity, availability, and resilience of your critical infrastructure network.