Public works are critical to our national stability, and as such, provides a large opportunity for threat actors to target. Common challenges we see in this arena are:
1. Aging Infrastructure:
Many public works operate on legacy systems that were not designed with modern cybersecurity threats in mind. These systems can be difficult to update or patch without causing disruptions in service.
2. Resource Limitations:
Public works departments often face budgetary constraints, which can lead to underfunded IT and OT security measures.
3. Complex Regulatory Environment:
Public works must comply with a myriad of regulations, which can vary widely from one jurisdiction to another, making compliance a complex and resource-intensive endeavor.
4. Interconnectivity Risks:
The increasing interconnection of OT systems with IT networks can introduce vulnerabilities, where a breach in one can affect the other.
5. Physical Security Threats:
Public works systems face not only cyber threats but also physical threats that require integrated security solutions.
6. Insider Threats:
Employees or contractors with access to systems pose potential risks if they misuse their access or are compromised by external actors.
7. Supply Chain Vulnerabilities:
Public works are often part of a larger supply chain that can introduce security vulnerabilities through third-party vendors or service providers.
8. Disaster Recovery Planning:
Developing robust disaster recovery and incident response plans that can be quickly activated in the event of a cyber incident is challenging but essential.
9. Public Safety Considerations:
Any security incident in public works can have immediate and widespread implications for public safety, necessitating rapid and effective response mechanisms..
10. Talent Shortage:
There is a shortage of cybersecurity professionals with the expertise needed to protect complex and unique OT environments.
11. Lack of Awareness:
There may be a lack of cybersecurity awareness among the workforce, which is compounded by the diverse range of functions and services within public works.
12. Diverse Operational Technology:
Public works systems often use a wide array of OT devices from different manufacturers, making standardized security protocols difficult to implement.
Addressing these challenges often requires not only technical solutions but also organizational and policy changes, cross-sector collaboration, continuous monitoring, regular training and drills, and community engagement to ensure the resilience of public works against cyber and physical threats.