Gartner-Prognose: 30% aller Organisationen im Bereich kritische Infrastruktur werden bis 2025 eine Sicherheitsverletzung erleben

Laut dem Research- und Beratungsunternehmen Gartner werden bis 2025 30 % der Organisationen im Bereich kritische Infrastruktur von Sicherheitsvorfällen betroffen sein, die zum Stillstand eines funktions- oder unternehmenskritischen cyber-physischen Systems führen.

Für Regierungen weltweit ist die Sicherung kritischer Infrastrukturen ein Hauptanliegen. Die USA, Großbritannien, die EU, Kanada und Australien haben jeweils Sektoren festgelegt, die als „kritische Infrastruktur“ gelten, z. B. Kommunikation, Verkehr, Energie, Wasser, Gesundheitswesen und öffentliche Einrichtungen. In einigen Ländern befindet sich die relevante Infrastruktur in staatlichem Besitz, während in anderen, wie in den USA, die Privatwirtschaft einen weitaus größeren Teil besitzt und betreibt.

„Die Regierungen vieler Länder erkennen jetzt, dass ihre relevanten nationalen Infrastrukturen seit Jahrzehnten ein undefiniertes Angriffsgebiet sind“, sagt Ruggero Contu, Research Director bei Gartner. „Sie ergreifen jetzt Maßnahmen, um mehr Sicherheitskontrollen für die dahinterliegenden Systeme vorzuschreiben.“

Gartner Predicts 30% of Critical Infrastructure Organisations Will Experience a Security Breach by 2025

By 2025, 30% of critical infrastructure organisations will experience a security breach that will result in the halting of an operations- or mission-critical cyber-physical system, according to Gartner, Inc.

Critical infrastructure security has become a primary concern for governments around the world, with the US, UK, EU, Canada and Australia each identifying sectors deemed ‘critical infrastructure’, for example, communications, transport, energy, water, healthcare and public facilities. In some countries, critical infrastructure is state-owned, while in others, like the US, private industry owns and operates a much larger portion of it.

“Governments in many countries are now realising their national critical infrastructure has been an undeclared battlefield for decades,” said Ruggero Contu, research director at Gartner. “They are now making moves to mandate more security controls for the systems that underpin these assets.”

A Gartner survey* showed that 38% of respondents expected to increase spending on operational technology (OT) security by between 5% and 10% in 2021, with another 8% of respondents predicting an increase of above 10%.

However, this may not be enough to counter underinvestment in this area over many years, according to Gartner.

“Besides the need to catch up, there is a growing number of increasingly sophisticated threats,” Contu said. “Owners and operators of critical infrastructure are also struggling to prepare for the coming increased oversight.”

Increased risk needs holistic security approach

Over time, the technologies that underpin critical infrastructure have become more digitized and connected — either to enterprise IT systems and/or to each other — creating cyber-physical systems security risks. The result has been a substantial increase in the attack surface for hackers and bad actors of all kinds.

In critical infrastructure sectors, organisations need to be more concerned about real world hazards to humans and the environment, rather than information theft. Gartner predicts that by 2025, attackers will have weaponised a critical infrastructure cyber-physical system to successfully harm or kill humans.

Gartner recommends that security and risk management (SRM) leaders in critical infrastructure sectors develop a holistic approach to security, so that IT, OT and Internet of Things (IoT) security are managed in a coordinated effort.

“SRM leaders should accelerate efforts to discover, map and assess the security posture of all cyber-physical systems in their environment,” said Contu. “Invest in threat intelligence and join industry groups to stay apprised of security best practices, upcoming mandates and requests for inputs from government entities.”

*Note to editors: The 2021 Gartner IT/OT Alignment and Integration Survey was conducted online from April -May 2021 among 401 respondents from industries in North America, Western Europe and Asia/Pacific. Respondents were knowledgeable about decisions of their organisation’s OT-related activities.

Gartner clients can read more in “Predicts 2022: Cyber-Physical Systems Security — Critical Infrastructure in Focus.”