Cyberattacks Causing Physical Disruption on the Rise
At least 68 cyberattacks last year caused physical consequences to operational technology (OT) networks at more than 500 locations worldwide.
Damage from these attacks ranged up to $100 millon.
OT attacks are attacks on the systems that run businesses like manufacturing, transportation and the cities themselves. If you think about all of the computers that run these, they are the operational technology. Think about robots in warehouses, valves and gauges in refineries, computers that run traffic lights and street lights and millions more. That is one thing that hackers are going after.
Why? In many cases the technology is old. OT systems have a life expectancy of up to 40 years. In many cases, securing them is hard. In other cases, companies are not investing enough. In many cases, it shuts down the businesses for days or weeks.
According to Waterfall Security, in many cases, the villains are hacktivists as opposed to the traditional crooks who just want money. Many of the attacks do not involve direct manipulation of the OT systems themselves, but the outages are just as real.
Last year’s cyberattack at Johnson Controls cost them $27 million and the one at Clorox cost them $49 million.
In many cases, with IT systems being connected to OT systems, companies are forced to shut down OT systems just to prevent them from being affected when those IT systems are hit by ransomware. The Colonial Pipeline attack was a high profile example of that.
Sometimes, like at ports, the container movement systems had to be shut down when the IT systems were compromised because those systems told the OT systems where to pick up containers and where to set them down.
Water treatment facilities are high on the attack radar due to a variety of reasons and when people don’t have water to use, that becomes a problem very quickly.
There are more than 20,000 drinking water systems and 200,000 waste water systems in the U.S. The vast majority are tiny. In many cases they might support a hundred or few hundred homes. Their primary goal is to reduce cost. They don’t think to much about cyber safety. A water system near me was down recently for more than a week. That got a lot of attention very quickly.
These organizations (the water systems) choose to allocate very little money to security, so it is not surprising that they get hacked. For other systems, like manufacturing, cybersecurity is just now coming onto the radar, so it is going to take quite a while and billions of dollars to fix. In the meantime, expect more attacks and outages. Credit: Dark Reading