The 2021 attacks on two water treatment facilities in the US—combined with ransomware attacks on an oil and gas supplier and a meat and poultry distributor—could lead most people to believe that a critical infrastructure “big one” is coming.

But, as Lesley Carhart, principal threat hunter with Dragos, tells us, the chances of such an event are remarkably slim. In fact, critical infrastructure’s regular disaster planning often leads to practices that can detect, limit, or prevent any wide-reaching cyberattack.

"There’s this idea that there’s going to be this global, catastrophic event that’s going to affect everything and everyone, simultaneously, due to a cyberattack, and that’s just rather obtuse and absurd,” Carhart said.

Tune in to hear about critical infrastructure cybersecurity—how individual organizations plan for disasters, how those disasters incorporate cybersecurity events, and how the different sectors within critical infrastructure receive wildly different funding and resources—on the latest episode of Lock and Code, with host David Ruiz.

You can also find us on Apple PodcastsSpotify, and Google Podcasts, plus whatever preferred podcast platform you use.