Critical Infrastructure Under Attack: What MSPs can do

Written by Charles Cooper 1
March 11, 2016

The number of cyberattacks on critical infrastructure - everything from electric grids to nuclear reactors - is increasing and that presents MSPs with a big opportunity in 2016.

With more critical infrastructure companies now using cloud computing to help run their IT systems and networks, the risk of a cyber attack against a major production facility, energy plant or even a nuclear reactor is suddenly a lot more than fodder for fiction.

Not only could it happen, but it already has.

In late 2014, hackers tricked employees at a German steel mill into clicking on booby-trapped emails. The cyber attackers used the stolen password information to then penetrate the corporate networks and wreak havoc with the mill’s control systems. One blast furnace would not properly shut down, causing massive structural damage to the facility.

As more manufacturing plants, utilities and grids connect their operations to the Internet, the previously limited attack surface of these industries will offer a more fertile landscape for cyber attacks.

And it’s a huge swath of the economy. The Department of Homeland Security lists 16 critical infrastructure sectors where the assets, systems, and networks are so vital to the United States that their incapacitation or destruction would debilitate national security and safety.

To date, the worst-case scenarios have not come to pass on our shores. But the risk still exists. Late last year, for example, cyber attackers infiltrated a Ukrainian power facility’s computer system and caused a widespread power outage. Closer to home, a report surfaced in late December 2015 describing how Iranian hackers had infiltrated a New York dam control system outside of New York City two years earlier. In that instance, too, the attackers were able to gain entry via the Internet.

The incidents hinted at the potential danger as companies seek to find their footing in this fast-emerging world of networked computing and the cloud. Indeed, as more critical infrastructure organizations get connected and migrate data operations to the cloud, they will need to architect their systems to better protect against the threat of cyber breaches. Whether internal IT departments possess the deep technical skills to handle more than routine maintenance is problematic. That state of affairs will present MSPs with an opening, given the depth of their technical bench, both on the design and operational aspects of the technical process.

It’s also why the MSP Alliance earlier this year predicted that critical infrastructure was likely to become a lucrative arena for MSPs in 2016. With more critical infrastructure moving to the cloud, MSPs should be able to bring their expertise to bear and play a role securing those facilities.

In particular, MSPs are likely to find luck working with older critical infrastructure areas eager to upgrade their aging systems. Some of these industries have resisted moving core infrastructure to the cloud for a variety of reasons related to risk management and concerns about retaining physical control of their servers. But as concerns about cloud security wane, these organizations are going to be more open to a model of shared responsibility as they transfer mission-critical infrastructure functions to the cloud.

What’s more, note that according to the National Institute of Standards and Technology, the cloud is already being used within critical infrastructure. That’s where MSPs can hasten the process in what’s proving to be one of the most significant technology transitions of our era.

This content is underwritten by VMware and is editorially independent.