Cyberattacks on OT, ICS Lay Groundwork for Kinetic Warfare

INFOSEC23 – London – The concept of cyber warfare isn't new, but attacks on operational technology (OT) and industrial control system (ICS) environments could enable the development of kinetic weapons with physical effects, at least one expert is warning.

Speaking at Infosecurity Europe on "The Future of Cyberwarfare," Chris Dobrec, vice president of product marketing for Armis, looked at past examples of attacks that affected OT and ICS environments, such as Stuxnet, Havex, and Blackenergy, as well as the use of Ryuk ransomware on Colonial Pipeline. "Demonstrated attacks can have kinetic effect and can harm humans," he said.

Are We Ready for Cyber Warfare?

Pointing at the company's cyber-warfare research from last year, Dobrec showed results that found 24% of respondents were not prepared to handle the effect of these kinds of attacks — yet counterintuitively, three-quarters (76%) believe that they have appropriate controls in place. Also, the research found that after the Russian invasion of Ukraine, 74% of respondents agreed that response to OT attacks needs to be a board-level issue.

Pointing at the HSE attack last year, Dobrec predicted that there will be more attacks on healthcare organizations in particular in the future, as well as on utilities and transportation.

"It is bizarre that OT is now vulnerable and exposed, so widen that aperture in your overall organization and monitor for potential threats," he said. "Look for the potential vulnerabilities in these systems that you may have not been looking at previously, and then work to actually continuously monitor and remediate that."

He added, "Also engage the entire organization: it's not just the IT and security folks, but the operational folks that are involved in keeping those systems up and running."