The best case – and overly optimistic  scenario for when a cyberattack hits is mild disruption and quick recovery. To mitigate damage, companies would have to have well-trained employees, data backups at the ready and a detailed response plan in place. 

But even the most limited attack against a critical infrastructure entity could have devastating consequences and the potential to disrupt essential services, from electricity or public transit to safe drinking water. 

    The U.S. government sorts critical infrastructure into 16 categories, from food and agriculture to nuclear reactors and waste. With the ongoing war in Ukraine, the U.S. is closely watching for potential spillover attacks from botnets and wipers and as well as more targeted, custom-made malware targeting infrastructure providers in NATO countries.

    Already, the business world has seen disruption from critical infrastructure attacks. The Colonial Pipeline ransomware attack in 2021 briefly disrupted fuel delivery in key southeast markets and a separate attack against JBS impacted the meat and poultry supply chain. 

    The challenge is, critical infrastructure is largely run by private entities, limiting government interaction. These organizations are left to shore up cyber defenses and stand against attacks from even the biggest adversaries — nation states. 

    In this report on defending critical infrastructure, explore:

    •  Where new rules and regulations fit in the conversation
    • A discussion on which critical infrastructure is most vulnerable
    • A look at one industry’s security fears