Can Next-gen Resiliency Architectures Help Dilute the ‘Defining Threat of Our Generation’?

The FBI kicked off 2024 with a stark warning: Attacks on governments and critical infrastructure, including by nation-state actors, are the “defining threat of our generation.” Considering all the nefarious activity seen in 2023, from attacks targeting the U.S. water supply and electric grid to hospitals and emergency response systems, this warning was more than warranted.

As if to help prove the agency right, malicious actors were even more focused on targeting infrastructure in 2024. A 70% surge in attacks on U.S. utilities, the Salt Typhoon Campaign, and the rising tide of AI-assisted cyber espionage were just a few highlights. And don’t forget the breach at American Water Works in October that could have jeopardized the water supply and public health of millions of people across 14 states and 18 military installations—and which, very thankfully, did not.

The list of cyber incidents involving critical infrastructure in the U.S. and around the globe is already long, and it continues to expand. While we can’t know what 2025 will bring, given recent trends, we should expect to see more of the same, if not worse. The message for organizations in critical infrastructure sectors? The time is now to double down on efforts to increase their cyber resilience.

Before we look at some tools and strategies for fortifying resilience, I want to highlight a few facts about the threat landscape for critical infrastructure to help underscore what organizations are up against.

1. Attackers targeting these sectors are big on pre-positioning.

Bad actors targeting critical infrastructure use sophisticated strategies, including pre-positioning malware within vital systems. (The Volt Typhoon advanced persistent threat (APT) group is among these actors.) Pre-positioning allows adversaries to strategically activate their threats at any time, potentially causing widespread disruption without warning. It is not unusual for APTs to sit in networks for months or even years, moving laterally and collecting intelligence before striking.

2. Many adversaries are state-backed operators.

Well-organized and state-sponsored groups with substantial resources—and the motivation to wreak havoc on nations or organizations they consider competitors or enemies—are often behind attacks against critical infrastructure. (Hello, again, Volt Typhoon.) The sheer scale of these operations often leaves targets on the defensive, struggling to keep pace with ever-evolving threats. (According to the FBI, Chinese hackers outnumber U.S. cyber agents by a staggering 50:1 ratio.)

3. Attackers see public sector IT systems as easy pickings (and they’re often right).

Many critical infrastructure operators, particularly in the public sector, lack the specialized security personnel and resources that private organizations use to create and maintain robust, agile defenses. This disparity leaves them more susceptible to sophisticated attacks, including stealthy, potent, and long-game plays like APTs. Legacy systems that are too costly or difficult to update; aren’t well-maintained, protected, or monitored; or are sometimes forgotten about entirely in a vast and complex IT ecosystem can offer many tempting inroads for adversaries.

Building the Foundation for Next-generation Resiliency: Why and How

There’s another problem with legacy systems in critical infrastructure sectors: the potential for the domino effect during a cyberattack. For example, many operators rely heavily on centralized, legacy data storage systems. If a single facility is compromised, it can potentially bring an entire operation to its knees. This highlights the urgent need for decentralized, resilient architectures—systems that reduce the risk of a single point of failure by distributing data across multiple locations.

More than that, critical infrastructure operators must also shift from focusing merely on prevention to achieving comprehensive resilience. Resiliency is about recovery. That means when resilient organizations are inevitably hit with a cyberattack, they can maintain core functions and get back to business fast. To build the foundation for next-gen resiliency, organizations should:

• Create comprehensive incident response plans: Developing and regularly updating detailed plans for responding to various cyberattack scenarios is essential for organizations in the critical infrastructure space. CISA offers some sector-specific plans, like this one for energy, which are a few years old but still provide a useful starting point. NIST and FEMA also offer resources like frameworks and toolkits. Information Sharing and Analysis Centers (ISACs) provide sector-specific threat intelligence, best practices, and incident response guidance.
• Conduct regular risk assessments: Dynamic and ongoing risk assessments are critical for identifying weak points in systems and processes that adversaries might exploit. (They’re also key to building an effective cyber resiliency framework.) Organizations should assess both technical vulnerabilities, like outdated software or unpatched systems, and operational risks, such as insufficient employee training or gaps in incident response protocols.
• Foster a cybersecurity culture: Cybersecurity is not just the responsibility of IT teams—it requires a collective effort across the organization. All staff members, from top leadership to front-line employees, need to understand their role in helping to improve cybersecurity. They also need to understand why their roles, responsibilities, and access privileges might make them attractive targets for adversaries looking to gain a foothold in the organization so they can launch an attack or engage in other mischief.
• Invest in modern data storage: Leading-edge solutions like the Evergreen//One™ platform from Pure Storage can ensure data integrity and rapid recovery capabilities. (I’ll expand on the benefits of our storage-as-a-service [STaaS] platform below.) Immutable and indelible backups are also a must because they allow organizations to create unalterable snapshots of critical data and apps. Immutable snapshots provide a clean, reliable data recovery point following an attack or disaster. (And when you use tools like SafeMode™ from Pure Storage, those snapshots are also ineradicable.)
• Participate in public-private partnerships (PPPs): Collaboration among government agencies, industry peers, and cybersecurity experts to share cybersecurity trends and best practices is a crucial but often overlooked or undervalued step toward increasing resilience. Public-private partnerships are essential for building a united defense against cyber threats targeting critical infrastructure.

The Role of Advanced Data Storage in Modern Cyber Defense

Public sector organizations and critical infrastructure operators, in particular, have a duty to safeguard the data and systems that underpin essential services. However, when a water treatment facility has to revert to “manual operations” in the wake of a cyberattack, it should be a wake-up call for all businesses, no matter their industry. They should be asking: What are our options if our systems are compromised? If we don’t have manual operations, how can we get back in business fast?

One solution, from a data storage perspective, is the Pure Storage platform. It’s fast, and it helps organizations restore their operations lightning-quick with immutable snapshots of critical data. Critical infrastructure operators can maintain data integrity and rapidly recover from ransomware attacks and other cyber incidents with clean arrays during forensic reviews—significantly enhancing their resilience against cyber threats.

This brings us back to Evergreen//One, a key component of our platform. This enterprise-grade, STaaS solution is subscription-based and features a 99.9999% uptime guarantee and many other compelling service-level agreements (SLAs). But there is one unique add-on that we’ll focus on here that can provide organizations in critical infrastructure sectors with even more peace of mind: the Evergreen//One Cyber Recovery and Resilience SLA.

This first-of-its-kind SLA, which we introduced earlier this year, guarantees a clean storage environment for rapid restoration of critical operations. It includes: