Urgent Action Needed: Protecting IoT in Critical National Infrastructure

Ensuring the integrity of the power grid is no longer optional—it's a national security imperative.

IoT devices are rapidly permeating every corner of our lives, from smart thermostats to autonomous vehicles. While they deliver unprecedented efficiency, they also create a proliferation of new attack vectors. Alan Grau, VP of IoT Embedded Solutions at Sectigo emphasizes that securing these gateways must be a top priority.

While most people recognize the need to protect power and water systems, the conversation often overlooks the crucial role of authenticating IoT devices with digital certificates. Without that layer of identity verification, endpoints remain vulnerable to the very attacks that are already widespread.

According to the Ponemon Institute, 90 % of critical national infrastructure (CNI) providers are already contending with IoT attacks—leaving the remaining 10 % unaware that they too are targets. As distributed denial‑of‑service (DDoS) and ransomware campaigns increasingly target unsecured devices, organizations across the ecosystem—from servers to vehicles to power grids—must act now.

Governments worldwide have begun to issue regulatory requirements for consumer device security, but these measures are still fragmented and incomplete. Responsibility falls on every stakeholder—OEMs, system integrators, and end‑user organizations—to embed and adopt authentication technologies that protect our essential services.

Securing the Healthcare Sector

Healthcare institutions handle vast volumes of highly sensitive data: intellectual property, personal health information (PHI), and device configurations. These assets are prized targets for malware, ransomware, IoT botnets, phishing, business email compromise, extortion, and large‑scale breaches.

Unfortunately, many healthcare organizations lack robust encryption for data in transit and at rest, and they underutilize the protective benefits of digital identity across their device ecosystems.

Even more alarming is the overlooked threat posed by unsecured medical “things” such as biosensors, wearables, pacemakers, and infusion pumps. As patient care becomes increasingly digitized—and as payment data is also stored and transmitted—continuous fortification of security controls is essential to stay ahead of evolving threats.

Protecting Connected Vehicles

The rise of autonomous vehicles amplifies the stakes of IoT security. Delivery trucks, buses, taxis, and personal cars will soon communicate with each other and with city traffic systems, creating rich targets for attackers.

The 2019 Consumer Watchdog report “Kill Switch” predicts that more than two‑thirds of new cars on American roads by 2022 will have online connectivity to safety‑critical systems. A single compromised vehicle could disrupt traffic flow, or worse, cause accidents and endanger lives. Massive ransomware attacks on fleets could cripple transportation networks.

Fortifying the Power Grid

IoT devices are indispensable in the energy sector: sensors and control units monitor supply, prevent outages, and enable predictive maintenance. Modernized grids promise energy efficiency and reduced human intervention.

However, this automation has attracted persistent cyber threats. Over the past decade, attacks and incidents have highlighted the energy industry's vulnerability and its high value to adversaries. Notably, Russia’s test attack on Ukraine’s grid demonstrated the ability to shut down entire regions.

Given the catastrophic potential of such incidents, securing IoT infrastructure within the energy sector has never been more urgent.

Embedding Security from the Factory Floor

Legislation, manufacturers, and supply‑chain partners all share responsibility. Identity management must be built into devices from the outset, automated to prevent human error, and updated throughout each device’s lifecycle.

Digital certificates, secure boot, over‑the‑air updates, and embedded firewalls form the core of a resilient defense. They block unauthorized connections before they reach the network, keeping cybercriminals out from the very beginning.

Enterprise and embedded IoT security is now a national interest, not just a vendor or operator concern.

The author is Alan Grau, VP of IoT Embedded Solutions at Sectigo.

About the Author

Alan Grau is Vice President of IoT Embedded Solutions at Sectigo, a global leader in automated digital identity management and web security. Since joining Sectigo in May 2019 following the acquisition of Icon Labs—a pioneer in IoT and embedded device security—Grau has driven the development of industry‑leading solutions that secure billions of connected endpoints worldwide.