Skip to main content

After hackers linked to China reportedly gained access to the IT networks of hundreds of small and medium-sized water and power utilities in the U.S, alarm bells are ringing for utilities and critical infrastructure (CI) operations across the world. In an attack that some observers suggest is pre-positioning for sabotage of water and power supplies should the U.S. look to intervene in any potential conflict with Taiwan, China has demonstrated the inherent weaknesses in operational technology (OT) systems that many have been calling out for the last decade.

Image description

The Ongoing Volt Typhoon Case

This type of threat is something that CISA (the U.S. Government’s Cybersecurity and Infrastructure Security Agency) first warned about over two years ago after detecting the tactics, techniques, and procedures (TTPs) linked to the Chinese hacking group ‘Volt Typhoon' were discovered affecting networks across U.S. critical infrastructure, which led to the warning being issued to CI operators of the potential threat.

The Real-World Impact of Infrastructure Attacks

The consequences of a successful attack on CI can be severe – for example, a hospital without water supply would be forced to evacuate within hours. A shut down in electricity generation could affect entire cities, bring transport to a halt and disrupt manufacturing facilities. Even when not directly targeting CI, cyberattacks can have far reaching effects. We don’t need to look far to see how a single intrusion can reach when industrial systems are subjected to a cyberattack. The recent Jaguar Land Rover (JLR) hack which forced the complete shutdown of production lines globally and reportedly affected over 5,000 related organisations. This incident is being described as the most expensive cyberattack ever in the UK with estimated economic losses of £1.9 billion (US$2.55 billion), and JLR losing £50 million per week from the shutdown.

Costs to business are one measure, but the cost to society could be far greater given the potential turmoil a successful attack on a city’s infrastructure could generate. It is no surprise then, that government cyber agencies would issue directives such as CISA 23-02 which required all US Gov Agencies to immediately implement controls to block access to web interfaces on appliances – but while important these seemingly small changes have wide ranging impacts to operational actions and costs of running utility companies.

Persistent Vulnerabilities in Utility Networks

The consequences of a successful attack on CI can be severe – for example, a hospital without water supply would be forced to evacuate within hours. A shut down in electricity generation could affect entire cities, bring transport to a halt and disrupt manufacturing facilities. Even when not directly targeting CI, cyberattacks can have far reaching effects. We don’t need to look far to see how a single intrusion can reach when industrial systems are subjected to a cyberattack. The recent Jaguar Land Rover (JLR) hack which forced the complete shutdown of production lines globally and reportedly affected over 5,000 related organisations. This incident is being described as the most expensive cyberattack ever in the UK with estimated economic losses of £1.9 billion (US$2.55 billion), and JLR losing £50 million per week from the shutdown.

Costs to business are one measure, but the cost to society could be far greater given the potential turmoil a successful attack on a city’s infrastructure could generate. It is no surprise then, that government cyber agencies would issue directives such as CISA 23-02 which required all US Gov Agencies to immediately implement controls to block access to web interfaces on appliances – but while important these seemingly small changes have wide ranging impacts to operational actions and costs of running utility companies.

Persistent Vulnerabilities in Utility Networks

The consequences of a successful attack on CI can be severe – for example, a hospital without water supply would be forced to evacuate within hours. A shut down in electricity generation could affect entire cities, bring transport to a halt and disrupt manufacturing facilities. Even when not directly targeting CI, cyberattacks can have far reaching effects. We don’t need to look far to see how a single intrusion can reach when industrial systems are subjected to a cyberattack. The recent Jaguar Land Rover (JLR) hack which forced the complete shutdown of production lines globally and reportedly affected over 5,000 related organisations. This incident is being described as the most expensive cyberattack ever in the UK with estimated economic losses of £1.9 billion (US$2.55 billion), and JLR losing £50 million per week from the shutdown.

Costs to business are one measure, but the cost to society could be far greater given the potential turmoil a successful attack on a city’s infrastructure could generate. It is no surprise then, that government cyber agencies would issue directives such as CISA 23-02 which required all US Gov Agencies to immediately implement controls to block access to web interfaces on appliances – but while important these seemingly small changes have wide ranging impacts to operational actions and costs of running utility companies.

Strategic Priorities for CI Operators

To mitigate risk, CI operators should prioritise:

  • Strong identity & device authentication across both IT and OT domains.
  • Network and device segmentation, especially isolating OT from general IT.
  • Reducing attack surfaces by disabling insecure remote access, default credentials, open ports.
  • Continuous Monitoring for unusual activity or lateral movement within networks.

The Role of Keyek Guard in Securing CI

The Keyek Guard Platform offers a scalable and effective solution for protecting access to systems and technology assets.

Role of Keyek Guard / Keyek Mod

  • Hardware-based identity for OT devices: Keyek Mod reduces the risk of rogue devices and lateral exploitation.
  • User identity verification: Keyek Card ensures secure authentication for personnel.
  • Virtual air gap and segmentation: Keyek Mod allows OT devices to communicate only with authorised endpoints, maintaining isolation while enabling remote access.
  • Legacy infrastructure protection: Utilities can retrofit Keyek Mod onto existing OT systems, enhancing security without costly replacements.
  • Scalable for resource-constrained utilities: The platform reduces reliance on large in-house cyber teams, addressing the “target rich but cyber poor” challenge.

Keyek Guard offers the next generation of platform that secures connected systems, machines and data. The Keyek Guard Platform ELIMINATES credential and identity compromise on open networks to act as the foundation of any zero-trust deployment. With our ecosystem partners Keyek Guard’s modern end-to-end ICAM solution provides Next Generation MFA^ and advanced Attribute Based Access Control (ABAC) for powerful granular access management to systems and assets.

Any critical infrastructure operator migrating to the Cloud, connecting OT and IT networks, wanting to exploit open networks for machine communications, or looking to secure their supply chain should assess the Keyek Guard Platform.

^Next Generation MFA: Secure hardware bound cryptographic authenticator (NIST AAL3) with identity verification. Phish-resistant, Tamper-resistant, Verifier impersonation-resistant, Compromise-resistant.

Read more from Keyek

Enquire with Keyek today