Cyberattacks with Tangible Terrors: Navigating the Rising Threat to Operational Technology Networks
Charles M. Walls | April 2, 2024
Last year, a staggering 68 cyber incidents transcended the digital realm, inflicting tangible damage on operational technology (OT) networks at more than 500 sites worldwide. Some organizations faced financial losses ranging between $10 million and $100 million due to these attacks. Contrary to what one might expect, these incidents were not the result of sophisticated, Stuxnet-level cyber warfare but stemmed from more commonplace sources.
Waterfall Security Solutions, an industrial control system (ICS) vendor, has released a report unveiling the realities of cyber threats to OT environments. It appears that hacktivists, not state-sponsored hackers, are the primary adversaries targeting these systems. The report highlights a significant insight: most operational disruptions don't directly result from attacks on OT systems but rather from collateral damage caused by cyberattacks on IT infrastructure, particularly through ransomware.
Yet, the fallout from these incidents can be just as devastating. Notable companies such as Johnson Controls and Clorox suffered losses to the tune of $27 million and $49 million, respectively, due to cyber incidents last year. A single attack on MKS Instruments in Massachusetts led to a staggering $200 million in direct losses, with an additional $250 million lost by one of its suppliers, Applied Materials Inc. Overall, attacks causing physical damage saw a nearly 20% increase from the previous year.
Waterfall's research, conducted in partnership with the OT incident threat database ICS STRIVE, reveals that only a quarter of cyberattacks causing OT disruptions in the past decade and a half were the result of direct hits on OT networks. Andrew Ginter, VP of industrial security at Waterfall and co-author of the report, explains that many attacks impacted OT systems indirectly, by compromising IT networks. Companies often halted OT operations as a precaution, fearing the risk of running complex and potentially dangerous processes near compromised IT systems.
The precautionary shutdown of operations wasn't always due to direct threats to safety. In some instances, it was because IT network failures crippled essential operational facilities, such as shipping container tracking or passenger information systems at large transport hubs. This interconnectedness between IT and OT systems underlines a vulnerability many fail to consider until it's exploited, as seen when UK Royal Mail's operations were disrupted by ransomware, costing £42 million.
The manufacturing sector bore the brunt of these cyberattacks, accounting for over half of the publicly reported incidents with OT consequences in 2023. However, the water sector presents a particularly alarming target due to the combination of high vulnerability and potentially catastrophic impacts of attacks. An attack on water systems in the Irish villages of Binghamstown and Drum, likely by Iran's Cyber Av3ngers, left residents without water for two days, spotlighting the critical risks to infrastructure with minimal cybersecurity measures.
Andrew Ginter warns of the growing threat facing the nation's water systems, exacerbated by the drive towards automation and the lack of dedicated security budgets. With over 20,000 drinking water and 200,000 wastewater treatment facilities in the U.S. mostly operating on tight budgets, the pressure to automate for cost reduction exposes these critical infrastructures to heightened cyber risks. This situation poses an increasing challenge for small communities across the country, underscoring the urgent need for enhanced cybersecurity measures in the face of rising hacktivist threats.