Faced with rows of empty gas pumps, many Americans on the East Coast may be wondering why this happened, whether it will happen again, or if there is anything we can do to avoid future catastrophe. The unpleasant truth of the matter is that this will certainly not be the last time society is disrupted due to attackers targeting critical industrial control systems (ICS). The impact of such an attack is amplified by the growing reliance on automation and antiquated protocols throughout many OT networks.
In this blog series, I will be discussing three potential types of ICS attackers along with their capabilities and the potential consequences of their actions.
The State of Industrial Cybersecurity
Attacks against ICS have been escalating for many years, and the evolving threat landscape is now quite daunting for industrial plant operators. The United States National Security Agency (NSA) has repeatedly warned that foreign adversaries are targeting critical industrial control systems. Pipelines, power grids, and private manufacturing plants are all being attacked regularly. Details regarding such incidents are often scarce due to nations wishing to conceal their weaknesses and corporations concerned with saving face, but the few details we do get can be alarming.
A 2014 report by the German Federal Office of Information Security (BSI) revealed that an APT group had caused massive damage to a steelworks plant after gaining initial access to IT systems via spear-phishing. The attackers were ultimately able to move from IT to OT systems, and the damage resulted when a blast furnace ran out of control.
Industrial control systems are a unique attack target because a compromise can not only inflict financial damage but also directly and physically endanger individuals and even societies at large. Beyond the risk of exploding gas lines or a nuclear meltdown, societies rely on highly automated industrial control systems to have safe drinking water, provide heat through the winter, and maintain safe highways.
Short-term failures in these systems can be challenging, but a prolonged failure can be devastatingly deadly. The financial implications are also difficult to overstate, as they may range from slight manufacturing delays all the way to widespread productivity loss when a city or region is thrown back into pre-industrial times.
Throughout this multi-part blog series, I will delve into the risks and potential impacts of attacks from different threat groups. These posts will focus on the who and the how of past ICS attacks, along with some thoughts on potential future tactics that adversaries may pursue to benefit from successful ICS compromises.
Stay tuned to the State of Security for the first installment of this series, where we’ll look at the damage possible from a disgruntled insider.
Read more in The Next Disruptive ICS Attacker Series:
The Next Disruptive ICS Attack: 3 Likely Sources for Major Disruptions
The Next Disruptive ICS Attacker: A Disgruntled Insider?
The Next Disruptive ICS Attacker: A Ransomware Gang?
The Next Disruptive ICS Attacker: An Advanced Persistent Threat (APT)?
The Next Disruptive ICS Attacker: Only Time Will Tell