In 2024, public infrastructure attacks grew across the globe as hacking groups tried to disrupt electrical, water, gas, transportation, and nuclear power systems. Some of the most notable cyber attacks on public infrastructure in 2024 included:
Attacks on U.S. wastewater systems and an energy company –– In April 2024, an attacker remotely manipulated settings on human-machine interfaces (HMIs) for two U.S. wastewater systems and one energy company.
Attacks on Texas water facilities –– In January 2024, an attacker accessed control systems at two Texas water facilities and tampered with water pumps and alarms.
Attack on El Salvador's national cryptocurrency wallet –– In April 2024, hackers attacked Chivo, El Salvador's national cryptocurrency wallet, and exposed over 144 GB of sensitive personal information.
What systems run critical infrastructure?
Critical infrastructure is operated and protected by systems with various names. In the tech world, they’re commonly known as Industrial Control Systems (ICS) and Operational Technology (OT), often referred to as ICS / OT.
While these are critical systems for societies that depend on them, the problem is that most of these systems weren’t designed for cybersecurity and often have vulnerabilities that must be addressed. We must revisit these systems and mitigate them against attacks across the industry. The reason cybersecurity is important now more than ever is because due to technological advancements, these systems are now getting digitized.
Operational Technology (OT) and Industrial Control Systems (ICS)
Operational technology (OT) is a category of hardware and software that monitors and controls physical devices, processes, and infrastructure. OT is used in many industries, including manufacturing, oil and gas, aviation, and utilities.
An industrial control system (ICS) is a general term for a system that controls and manages industrial processes. ICSs can include physical and digital objects, devices, systems, networks, and controls that regulate the behavior of machines and processes and allow humans to interact with them.
ICSs are used in many industrial sectors, including manufacturing, chemical processing, oil processing, telecommunications, food and beverage production, automotive, and pharmaceuticals.
ICSs can also support a nation's critical infrastructure, such as electrical grids, public transportation, water treatment, energy, and public communication systems. ICSs can include control components such as: electrical, mechanical, hydraulic, and pneumatic. Some examples of ICSs include:
Supervisory control and data acquisition (SCADA) systems
Distributed control systems (DCS)
Programmable logic controllers (PLC)
Programmable automation controllers (PACs)
Remote terminal units (RTUs)
Control valve diagnostics
Control servers
Intelligent electronic devices (IEDs)
Sensors
The rise of smart devices and the Internet of Things (IoT) has increased the usability, efficiency, and productivity of ICSs, but it has also impacted their security. To protect ICSs from unauthorized access and exploitation, organizations can implement cybersecurity measures such as robust authentication, access control, and encryption.
Why is this important? While the exploitation of a vulnerability in a critical infrastructure system may feel far removed from your life, such an exploitation can wreak havoc in your life almost immediately. The 2024 cyberattacks against U.S. water facilities and power systems left everyday Americans without access to these critical resources. The disruption was felt by individuals at home, at work, and in community spaces ranging from schools to hospitals.
What skills are needed to meet today’s infrastructure demands?
Cybersecurity professionals working in ICS / OT environments need a diverse set of skills to effectively manage and secure these systems. Here are some key skills required:
1. Understanding of OT Systems:
Knowledge of industrial control systems (ICS), SCADA (Supervisory Control and Data Acquisition), and DCS (Distributed Control Systems)
Familiarity with various OT protocols like Modbus, DNP3, and OPC
2. Cybersecurity Fundamentals:
Proficiency in basic cybersecurity principles, including risk management, threat detection, and incident response
Understanding of network security, including firewalls, intrusion detection/prevention systems (IDS/IPS), and secure network architecture
3. Risk Assessment and Management:
Ability to conduct risk assessments specific to OT environments
Skills in developing and implementing risk mitigation strategies
4. Incident Response and Management:
Expertise in developing and executing incident response plans tailored to OT systems
Knowledge of forensic analysis and root cause analysis in OT environments
5. Compliance and Regulatory Knowledge:
Familiarity with industry standards and regulations such as NERC CIP, IEC 62443, and NIST SP 800-82
Ability to ensure compliance with relevant laws and standards
6. Physical Security Integration:
Understanding the integration of physical security measures with cybersecurity practices
Skills in managing access control systems and surveillance technologies
7. System and Network Administration:
Proficiency in managing and securing OT systems and networks
Knowledge of patch management and system hardening techniques
8. Communication and Collaboration:
Strong communication skills to effectively collaborate with IT and OT teams
Ability to convey complex cybersecurity concepts to non-technical stakeholders
9. Problem-Solving and Analytical Skills:
Strong analytical skills to identify and resolve security issues
Ability to think critically and adapt to evolving threats
10. Continuous Learning and Adaptability:
Commitment to staying updated with the latest cybersecurity trends and threats, especially those involving the introduction of AI-powered threats.
Willingness to continuously learn and adapt to new technologies and methodologies
CompTIA’s upcoming State of Cybersecurity 2025 report found that only 44% of companies have high confidence in the visibility and approach they are taking with their IoT/OT assets, making this asset class the one that businesses are least confident in.
The skills listed above are essential for cybersecurity professionals to effectively protect OT environments from cyber threats and ensure the safe and reliable operation of critical infrastructure. As highlighted by the lack of confidence companies have in their approach to IoT/OT cybersecurity measures, there is a need for training and upskilling to bridge these perceived cybersecurity skills gaps.
How to Obtain ICS / OT cybersecurity skills
CompTIA certifications teach the core networking and cybersecurity skills required by ICS / OT professionals. CompTIA Network+ covers foundational networking skills that help candidates understand the many network environments that exist and what protocols ensure security.
Building on these skills, CompTIA Security+ covers the core cybersecurity skills today’s tech professionals need. Among these skills are identifying vulnerabilities and threat actors with relevant tools and implementing protocols to defend against them. The core skills covered in both Network+ and Security+ can then be applied to ICS/OT environments.
CompTIA CySA+ is also very helpful because ICS / OT networks must be continuously monitored, and ICS / OT environments use specialized versions of existing cybersecurity tools, such as Splunk for ICS / OT. CompTIA CySA provides cybersecurity professionals with the skills needed for incident detection, prevention and response through continuous monitoring.
Specialized skills and work roles
There are two sets of important skills needed beyond the core networking/cybersecurity tasks:
Anyone working in this industry should understand ISA/IEC 62443. It is a set of international standards that provide guidelines for securing industrial automation and control systems (IACS) and operational technology (OT) networks. The ISA/IEC 62443 Fundamentals Specialist certification covers these skills.
The other set of skills are the specialized intermediate-level cybersecurity skills used to protect the ICS / OT environment. The GIAC Global Industrial Cyber Security Professional Certification (GICSP) validates these skills. The Gartner group will be releasing a Magic Quadrant for ISC / OT industry tools for the first time in 2025. Gartner’s entry into the ICS / OT industry demonstrates the growing importance of this industry sector.
Gain specialized skills and prepare for these work roles and others with CompTIA
The CompTIA Cybersecurity Career Pathway is a suite of cybersecurity certifications that prepares candidates with relevant skills needed for today’s evolving cyber threats. With this career pathway, candidates will have access to skills training that will prepare them for these roles and others:
Cybersecurity Analyst: A traditional cybersecurity work role used for continuous security monitoring to identify malicious behavior on complex enterprise networks and mitigate it.
OT Security Analyst: A cybersecurity analyst that specializes in OT networks.
OT / IoT Security Specialist: A cybersecurity specialist that specializes in OT / IoT networks.
OT System / Security Engineer: A cybersecurity engineer that specializes in OT networks.
The ICS / OT environment will continue to grow in importance as cybersecurity incidents continue to threaten our public infrastructure systems. Expect solid progress in the industry sector over the coming years as these systems become more resilient against the next attack.
