Approximately 85% of the nation's critical infrastructure is owned by the private sector, . And, with pressure to increase profits and reduce expenses, many utilities have combined their control system networks with their commercial business networks, according to Arjen Zwaag of speaking at a Pipeline Technology Conference.

By operating over a shared network, not only do the two environments now share the same vulnerabilities, but a hacker also now has a clear, direct and trusted path to get from one environment to the other.

Adding to this, these same business networks are also connected to other private and commercial networks designed to provide end-to-end business functions, including services such as telecommunications, research and development, IT help desk and support, and many more.

For hackers, this means even more shortcuts to the critical infrastructure. Many sophisticated and targeted attacks known as (APTs) don't go directly for the pot of gold; instead they tend to find more easily accessible initial points of entry within less secure systems, and then once they're in, strategically and unobtrusively work their way through chains of connected systems and networks to reach their end-targets.

APTs are unavoidable by nature, and a compromise within the private/commercial infrastructure that extends to a compromise within the critical infrastructure could lead to unfathomable amounts of damage. With the public utilities facing on a daily basis, one must wonder if hackers are already taking this approach of attacking commercial enterprises first as a means to make their way into the critical infrastructure. It is inevitable that these cyber adversaries will someday attack the oil industry, the transportation sector, and the electric grid via the commercial enterprise.