Attacks on (Critical) Industrial Infrastructure Increase as Defenders Struggle
In 2022 security companies that track these attacks saw a rise in the number and sophistication of attacks on critical infrastructure.
They also saw the introduction of a malware toolkit with plugins to attack tens of thousands of control systems across every industry.
Responders discovered, not surprisingly, that the vast majority (more than 75%) of infrastructure owners had no visibility into ICS traffic, did not properly segment their networks and had unmanaged connections to the outside world.
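The three findings above (no visibility into ICS traffic, no segmentation, unmanaged connections to the outside) can be turned into a simple check over flow records. The script below is an added example written for this page, not code from the article or from CSO Online; the zone layout (an OT range, an industrial DMZ, a corporate LAN) and the sample flows are constructed assumptions, while the ICS protocol ports are the real registered ones.

```python
"""Flag OT flow records that violate a simple zone model (constructed example)."""
import ipaddress
from dataclasses import dataclass

# Zone layout is an assumption for this example, not taken from the article.
ZONES = {
    "ot": ipaddress.ip_network("10.20.0.0/16"),          # hypothetical PLC/HMI network
    "dmz": ipaddress.ip_network("10.30.0.0/24"),         # hypothetical industrial DMZ
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),  # hypothetical corporate LAN
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Registered ports of common ICS protocols; a flow on one of these that
# originates outside the OT zone deserves a look.
ICS_PORTS = {502: "modbus/tcp", 102: "s7comm", 20000: "dnp3", 44818: "ethernet/ip"}

# Zone pairs the (assumed) architecture permits; anything else is a finding.
ALLOWED_PATHS = {
    ("ot", "ot"), ("ot", "dmz"), ("dmz", "ot"),
    ("dmz", "enterprise"), ("enterprise", "dmz"),
    ("enterprise", "enterprise"),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip: str) -> str:
    """Map an address to a named zone; unknown private space and the
    public internet are reported separately."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    if any(addr in net for net in RFC1918):
        return "other-private"
    return "internet"


def assess_flow(flow: Flow) -> list[str]:
    """Return the list of findings for one flow (empty means acceptable)."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    findings = []
    if (src_zone, dst_zone) not in ALLOWED_PATHS:
        findings.append(f"segmentation: {src_zone}->{dst_zone} is not an allowed path")
    if "ot" in (src_zone, dst_zone) and "internet" in (src_zone, dst_zone):
        findings.append("unmanaged external connection touching the OT zone")
    if flow.dport in ICS_PORTS and src_zone != "ot":
        findings.append(f"{ICS_PORTS[flow.dport]} traffic originating outside OT")
    return findings


def audit(flows):
    """Return (flow, findings) pairs for every flow that produced a finding."""
    flagged = []
    for flow in flows:
        findings = assess_flow(flow)
        if findings:
            flagged.append((flow, findings))
    return flagged


# Constructed sample flows (203.0.113.0/24 is a documentation range).
SAMPLE_FLOWS = [
    Flow("10.20.1.5", "10.20.1.9", 502),       # HMI to PLC inside OT: fine
    Flow("10.10.4.7", "10.20.1.9", 502),       # corporate host talking Modbus into OT
    Flow("10.20.1.5", "203.0.113.8", 443),     # OT device reaching the internet
    Flow("10.10.4.7", "10.30.0.2", 8443),      # corporate to DMZ historian: fine
]

if __name__ == "__main__":
    for flow, findings in audit(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}")
        for finding in findings:
            print(f"  - {finding}")
```

In practice the flow records would come from a span port or a NetFlow/IPFIX collector on the OT boundary; the value of the check is less in any single hit than in the fact that it cannot be written at all until someone has defined which zones exist and which paths between them are legitimate.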
WHAT? COULD? POSSIBLY? GO? WRONG?
For many of the attackers (for example, North Korea), creating chaos is the end game. They don’t need to attack critical infrastructure for money or intellectual property, although they will take either or both.
Dragos, one of the companies that does incident response in this space, says they are tracking 20 separate “threat groups”, so this is not like some lone wolf operating out of their parent’s basement.
Right now, Russia might be extremely interested in causing damage here in the U.S. Damage might include shutting down critical infrastructure (think about the chaos when Colonial Pipeline shut down last year) or many other possibilities. Or, as we have already seen is possible, exploding it. DHS has been working for the last few years on coming up with Rube Goldberg solutions that would allow critical infrastructure to Band-Aid pieces together to turn the lights back on, so to speak. Not pretty, but it will work in certain cases.
We have also seen a rise in domestic terrorists. Cutting fiber optic cables ringing Baltimore to shut down the Internet locally. Shooting up power substations across the country. Attempting to poison the water supplies in Kansas and Florida. Again, not localized and, at least so far, not centralized, but that could change quickly.
It is important to remember that these attacks might affect your supply chain. If your suppliers have no power or gas or whatever, they won’t be able to supply parts to you. YOU will likely not be able to recover any damages because most contracts have a force majeure clause that gives them a “get out of jail free” card in situations like this.
Worse yet, your insurance probably won’t cover it either. They might call it state-sponsored or an act of (cyber) war. Many insurance policies, especially those underwritten by Lloyd’s of London, are now REQUIRED by the underwriter to include exclusions like these.
The problem is that upgrading critical infrastructure will cost many billions of dollars and take years. Decades, in fact. In addition, it will require complete reengineering of the infrastructure and likely new tools that may not even exist today.
Other than that, a piece of cake.
Credit: CSO Online