The number of cyber attacks with serious physical consequences is growing at an alarming rate, having doubled since 2010. The floodgates have opened.

On the type and frequency of attacks: 

  • In 2023, 57 out of 218 incidents in OT had physical consequences, ranging from outages to fire to equipment damage. In many cases, the victim shut down their operations themselves to prevent further damage. There were also some notable near-misses, which targeted critical infrastructure such as the power grid and food supply. 
  • One in ten of these attacks was carried out by hacktivists, who act for ideological reasons rather than monetary gain, while the vast majority were carried out by ransomware groups seeking payment.
  • The most targeted industries were transportation, discrete manufacturing, and food and beverages - sectors which have a high level of dependence on IT.
  • The sophisticated tools used to carry out these attacks were only available to nation-state threat actors as little as five years ago, but are now available to cyber criminals. So, in the near future, expect these criminals to be capable of everything we see happening today.

 

Source: 2023 Threat Report – OT Cyberattacks With Physical Consequences (until October 2022)

 

On responding to attacks:

  • Attacks on critical infrastructure call for a rethink of cybersecurity as a whole. As the US national strategy highlights, the security of services upon which millions of people depend shouldn’t hinge on a single employee clicking a malicious link or misplacing their password.
  • The TSA recommends that operators reduce OT dependencies on IT services as much as possible, but in practice, this can be very difficult to achieve.
  • The intersection of engineering and cybersecurity is expected to play a bigger role in the future, for instance in employing physical safety measures to prevent explosions.

 
