Securing Critical Infrastructure: A Cyber-Physical Threat Briefing

Summary
– Global economic policies and geopolitical tensions are increasing cyber risks to critical infrastructure by causing supply chain changes that impact 49% of organizations.
– Nearly half of security professionals lack confidence in their ability to reduce risks to cyber-physical systems and understand their overall security posture.
– Third-party remote access vulnerabilities are significant, with 46% of organizations breached through vendor access and 73% now re-evaluating these connections.
– Emerging regulations are creating uncertainty, with 76% of organizations expecting to overhaul security strategies despite 70% currently following established frameworks.
– Organizations are shifting to impact-centric risk reduction strategies focused on regular security audits and process improvements to address vulnerabilities and compliance gaps.

The security of our most vital infrastructure faces unprecedented challenges as traditional operational technology converges with digital networks. Cyber-physical systems (CPS) now underpin everything from energy grids to transportation networks, creating complex vulnerabilities that demand immediate attention. A new global study reveals how economic instability and geopolitical friction are intensifying these risks, particularly for Australian critical assets.
Recent research conducted by Claroty paints a concerning picture of the current threat landscape. Their report, “The Global State of CPS Security 2025,” gathered insights from over 1,100 security and operations professionals worldwide. The data indicates that nearly half of these experts believe shifting global economic policies and supply chain disruptions are directly increasing cyber risks to critical systems. This uncertainty creates a perfect storm where defenders struggle to maintain visibility and control.
Confidence in risk reduction capabilities appears worryingly low, with 45% of respondents expressing concern about their ability to protect key assets. The interconnected nature of modern infrastructure means vulnerabilities in one area can cascade throughout entire systems. Supply chain reevaluation is now a priority for 67% of organizations seeking to mitigate risks stemming from geopolitical tensions, though this restructuring introduces its own complications.
Third-party access represents a particularly acute vulnerability. Nearly half of organizations reported breaches linked to vendor access in the past year, while 54% discovered security gaps in vendor contracts only after incidents occurred. This has prompted 73% of respondents to completely re-evaluate their third-party remote access protocols. As supply chains shift, organizations often introduce new remote access tools into already complex environments, creating additional attack vectors.
Regulatory uncertainty further complicates the security equation. While 70% of organizations claim compliance with existing frameworks like NIST, 76% anticipate that emerging regulations will force strategic overhauls that could disrupt operational efficiency. The challenge lies in balancing compliance with practical security measures that address real-world threats.
Security expert Sean Tufts notes that attackers frequently exploit periods of instability. “Distracted defenders are ineffective defenders,” he observes, emphasizing how critical infrastructure becomes increasingly attractive during turbulent times. The economic and human impact of successful attacks on these systems makes them high-value targets for sophisticated threat actors, including nation-states.
Effective defense requires a fundamental shift in approach. Organizations are moving beyond the outdated concept of air-gapped security toward strategies centered on comprehensive asset visibility and stakeholder engagement. The most successful risk mitigation efforts involve regular security audits (prioritized by 49% of respondents) and improved processes for change approvals (45%). This impact-centric focus helps organizations prioritize vulnerabilities that could cause the most significant operational disruption.
With Cyber Security Awareness Month approaching, Leon Poggioli of Claroty emphasizes the need to expand public discourse around infrastructure protection. “Our national security depends on recognizing the critical nature of these systems,” he states, highlighting the collective responsibility shared by government and industry to bridge the divide between information technology and operational technology teams.
For those seeking deeper analysis, the complete report offers comprehensive findings and recommendations. Additionally, Claroty will host a webinar on October 22nd to discuss these critical issues, with alternative timing available for Australian participants. Understanding these evolving threats represents the first step toward building more resilient infrastructure for the future.
(Source: ITWire Australia)
