Cyber-Physical Systems at Risk: How to Protect Critical Infrastructure
▼ Summary
– Nearly half of organizations report increased cyber risk to cyber-physical systems due to supply chain changes from global economic policies and geopolitical tensions.
– 67% of organizations are reconsidering their supply chain geography to mitigate CPS risks, while 73% are re-evaluating third-party remote access after recent breaches.
– 76% of respondents say emerging regulations may require them to overhaul their CPS security strategies, potentially disrupting operational efficiency despite current compliance.
– The top risk mitigation strategies identified are regular security audits (49%) and process improvements for change approvals (45%) to address vulnerabilities and third-party blind spots.
– Organizations are shifting from outdated “air-gap” security to focus on asset visibility and stakeholder engagement, recognizing that protection relies on people and processes rather than just technology.
The security of cyber-physical systems (CPS) that manage essential services like power grids and transportation networks is under unprecedented strain. A new global study reveals that nearly half of security professionals believe shifting global economic policies and geopolitical tensions are directly increasing cyber risks to these vital operational assets. This situation is compounded by widespread concern over the ability to effectively reduce risk and a lack of robust system audits, creating a clear danger to critical infrastructure worldwide.
Recent research, detailed in the report “The Global State of CPS Security 2025: Navigating Risk in an Uncertain Economic Landscape,” surveyed over 1,100 professionals across information security, operational technology engineering, and facilities management. The findings paint a concerning picture of the current threat environment.
Geopolitical and economic instability is creating a perfect storm for attackers. Forty-nine percent of respondents confirmed that supply chain changes driven by these global shifts are elevating cyber risk. In response, a significant 67% are reconsidering their supply chain geography to mitigate these dangers. This realignment introduces a ripple effect, escalating risks tied to third-party remote access as organizations onboard new vendors and tools into already complex CPS environments.
The vulnerabilities within these third-party relationships are stark. Forty-six percent of organizations reported a breach in the last year due to third-party access. Furthermore, 54% discovered security weaknesses in vendor contracts only after an incident had occurred. As a direct consequence, 73% of surveyed organizations are now re-evaluating all third-party remote access to their CPS operations.
Regulatory uncertainty adds another layer of complexity. Organizations are caught between swift deregulation in some areas and a push for more stringent rules in others. While nearly 70% of respondents stated their current CPS security programs adhere to established cybersecurity standards, a overwhelming 76% fear that emerging government, international, or industry-specific regulations will force a complete strategic overhaul. Such changes could severely disrupt operational efficiency.
An expert from the field noted that attackers often view times of instability as prime opportunities. Distracted security teams become less effective, and the profound impact of critical infrastructure on economic stability and public safety makes it an exceptionally attractive target. The survey underscores that economic uncertainty and geopolitical friction are making it harder for teams to protect these systems, with third-party vulnerabilities acting as a major risk multiplier.
The path forward requires an impact-centric approach to risk reduction. This strategy should focus squarely on regulatory outcomes and exposure management. The top mitigation tactics identified are regular security audits and improving processes for change approvals. These measures not only enhance compliance but also help uncover hidden vulnerabilities, especially those lurking within third-party vendor networks.
Highlighting the importance of a collective effort, one regional leader emphasized the need to broaden national security discussions to explicitly include critical infrastructure protection. With risk management reports currently due for operators, awareness campaigns should stress our shared responsibility to safeguard these assets and explore how government and industry can collaboratively bridge the longstanding gap between information technology and operational technology teams.
For a deeper understanding of these challenges and solutions, the full research report is available for download. A dedicated webinar will also be held to discuss these critical findings in detail, with multiple time slots offered to accommodate a global audience, including specific sessions for viewers in the Australian time zone.
(Source: ITWire Australia)
