{"id":173614,"date":"2026-01-01T06:11:00","date_gmt":"2026-01-01T11:11:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/01\/the-evolving-cybersecurity-challenge-for-critical-infrastructure\/"},"modified":"2026-01-01T06:35:09","modified_gmt":"2026-01-01T11:35:09","slug":"the-evolving-cybersecurity-challenge-for-critical-infrastructure","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/01\/the-evolving-cybersecurity-challenge-for-critical-infrastructure\/","title":{"rendered":"The Evolving Cybersecurity Challenge for Critical Infrastructure"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news-features\/cybersecurity-for-critical\/\">The Evolving Cybersecurity Challenge for Critical Infrastructure<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news-features\/cybersecurity-for-critical\/\">https:\/\/www.infosecurity-magazine.com\/news-features\/cybersecurity-for-critical\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-01 06:11:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. In April 2025, cyber attackers took over the control system of a small dam in Western Norway and opened a valve for four hours. Norway\u2019s security services later publicly attributed the incident to pro-Russian hackers. Reports suggest attackers used weak credentials, on an internet-connected control panel, to gain access.<\/p>\n<p>\u201cThe incident didn\u2019t cause injuries, but it did prove a point,\u201d Pedro Umbelino, principal research scientist at Bitsight, told Infosecurity. \u201cBasic industrial control system and operational technology mistakes still create real\u2011world risk.\u201d<\/p>\n<p>This is the challenge facing critical national infrastructure (CNI) operators and the security teams tasked with protecting them. Critical infrastructure depends heavily on legacy technologies, designed before secure connectivity was a requirement.<\/p>\n<p>Read more: Why Addressing Legacy IT is an Urgent Strategic Priority for CISOs <\/p>\n<p>Moreover, the sector has attracted a growing number of threats, including nation states and hacktivist groups, as well as those who see CNI as a lucrative target for cyber extortion.<\/p>\n<p>The Cybersecurity Challenge for CNI Operators<\/p>\n<p>CNI operators face a delicate balancing act, maintaining robust security and resilience while embracing the efficiencies that connected systems and cloud technologies promise.<\/p>\n<p>\u201cWe\u2019re moving towards a more converged, shared infrastructure and shared networking piece,\u201d said Scott McKinnon, UK CSO at Palo Alto Networks. \u201cThe technology is increasingly becoming cloud delivered as well. Modern OT systems will probably have a cloud control plane, which means that it\u2019s outside the perimeter security that previously existed. And there&#8217;s obviously lots of legacy technology there as well.\u201d<\/p>\n<p>CNI providers are also embarking on extensive upgrade programs because much of the equipment in industries such as utilities, energy and transportation are decades old.<\/p>\n<p>Reconfiguring water systems and power grids to meet modern demands means renewing OT systems. Meanwhile, more distributed systems, such as those needed to support renewable energy or remote telecommunications, also make perimeter security harder.<\/p>\n<p>\u201cCNI and distributed energy resources are the new frontier in cyber warfare,\u201d warned Rob Demain, CEO at e2e-assure. \u201cThat attack surface, has expanded in recent years with the addition of green energy solutions. Solar panels, for example, and the inverters they feed into, are seldom protected, making it perfectly plausible that those could be hacked en masse and used to carry out a DDoS attack against the National Grid.\u201d<\/p>\n<p>Such an incident is yet to happen, but attacks on CNI were none the less a growing problem in 2025. Bitsight\u2019s Umbelino pointed to a \u201cmeasurable increase of around 12%\u201d in cyber-attacks against internet-facing ICS and OT systems.<\/p>\n<p>Bridewell, a UK-based cyber consultancy with a significant CNI practice, has found that 95% of UK CNI providers had been breached in the year to March 2025. The UK\u2019s NCSC also warned of increased attacks against the sector, in its 2025 annual review.<\/p>\n<p>Long-Term Security Risks for Critical Infrastructure<\/p>\n<p>Convergence between OT, IT and the cloud is providing cybercriminal groups with the opportunity to target critical infrastructure. Operators, and regulators, are wrestling with new technology and new manufacturers, outside the traditional OT\/ICS supply chain.<\/p>\n<p>\u201cWith the geopolitical tensions and the way that the world will look in maybe a few years, they&#8217;re starting to scratch their heads and think, \u2018okay, is it secure? Is it safe? How was it developed? Is there any remote access? How is it being configured?\u2019 There are things that are being done now, that will have an effect in a few years\u2019 time,\u201d cautioned Daniel dos Santos, head of security research at Forescout&#8217;s Vedere Labs.<\/p>\n<p>Given the lifespans of operational technology, installing insecure equipment now can have long-term consequences. Meanwhile, CISOs face dealing with older hardware that was not designed for modern threats. Even where vendors release patches, CNI operators do not always apply them, either because of concerns about business interruption, or a lack of visibility.<\/p>\n<p>\u201cThere are assets that have been there for 30 years in the ground, they&#8217;re connected and they have an IP address, and people don&#8217;t even realize that they&#8217;re part of the network,\u201d said Dos Santos.<\/p>\n<p>Technology is not the only challenge for CNI CISOs who face increasingly determined adversaries. As well as financially motivated attacks, in 2025 critical infrastructure operators found themselves targets of hacktivist and state-backed actors too.<\/p>\n<p>\u201cWhat made 2025 especially dangerous was how the convergence of geopolitics and cybercrime directly increased risk to critical infrastructure,\u201d noted Adam Darrah, VP of intelligence at ZeroFox.<\/p>\n<p>\u201cAs geopolitical tensions escalated, CNI became a preferred pressure point: Russia targeted European banking and transportation to weaken NATO resolve; Iran turned to asymmetric cyber activity against Israeli and Gulf state infrastructure; and China intensified espionage against defense, energy, and technology sectors. Even municipal infrastructure wasn&#8217;t spared.\u201d<\/p>\n<p>State-backed attackers are looking for intelligence, and to identify vulnerabilities they can exploit in the future. In the short term, they, and aligned hacktivist groups, want to create chaos, Darrah says.<\/p>\n<p>Vedere Labs\u2019 Dos Santos concurred and noted, \u201cThey\u2019ve figured out that it&#8217;s an effective way to spread a message.\u201d<\/p>\n<p>The threat is not limited to the conventional components of CNI, such as transport energy or water. Governments, and adversaries, increasingly see sectors such as healthcare and financial services as \u2018in scope\u2019; the UK recently added data center operators to its list of CNI.<\/p>\n<p>\u201cThis shift will intensify in 2026,\u201d said Spencer Starkey, executive VP for EMEA, at SonicWall. \u201cRetail, logistics, automotive manufacturing and even food distribution face rising pressures as they become targets. Adversaries will increasingly lean on AI-assisted hacks to probe and exploit the systems businesses rely on to keep operations running.\u201d<\/p>\n<p>Keeping the Lights on in CNI in 2026<\/p>\n<p>Threats to CNI are not likely to abate in 2026. Legislators are putting more emphasis on cyber resilience and directives, such as the EU\u2019s Cyber Resilience Act, will improve the security of connected devices. But these upgrades take time.<\/p>\n<p>\u201cThreats from criminal groups continue to grow exponentially,\u201d said Phil Tonkin, CTO at OT security specialists Dragos. \u201cIn 2026, CISOs need to be prepared for ever increasing risks, across the full spectrum of their digital assets, both IT and OT.\u201d<\/p>\n<p>CISOs, he suggested, should adopt measures such as SANS\u2019 five critical controls for ICS, to reduce risks as quickly as possible.<\/p>\n<p>Cybersecurity leaders in CNI should also consider measures, such as network segmentation, improved identity and access management and even zero trust architectures. These are not unique to CNI but go some way to reduce the likelihood and impact of a breach.<\/p>\n<p>The social, economic and political stakes are too high for CNI to rely on staying safe by staying in the shadows.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Evolving Cybersecurity Challenge for Critical Infrastructure https:\/\/www.infosecurity-magazine.com\/news-features\/cybersecurity-for-critical\/ Publish Date: 2026-01-01 06:11:00 Source Domain: www.infosecurity-magazine.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":173615,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/7aec18a8-1e83-487c-ae6e-7692fe02f109.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,31],"class_list":["post-173614","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-exploit"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/173614"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=173614"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/173614\/revisions"}],"predecessor-version":[{"id":173616,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/173614\/revisions\/173616"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/173615"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=173614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=173614"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=173614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}