Digital Weapons Hit the Mark IRL
We live in a world where warfare is no longer contained in the land, air, and sea and the consequences of virtual war have repercussions in the physical world.
At a time when the risk of global conflict is at its highest since the end of the Cold War, increasing reliance on digital technologies has led to growing concern around the potential increase of physical world risks caused by cyber attacks. Instances of cyberwar, acts of aggression committed digitally and intended to cause damage in the real world, require fewer resources and often rely on human error to carry out destructive measures.
The 2018 Worldwide Threat Assessment of the U.S. Intelligence Community stated: “adversaries and malign actors will use all instruments of national power—including information and cyber means—to shape societies and markets, international rules and institutions, and international hotspots to their advantage.” This means industries more than ever need to consider planning for cybersecurity risks beyond production and revenue loss.
Weapons of Choice
Photo by Igor Ovsyannykov on Unsplash
In the age of the digital arms race, governments around the world have been working to strengthen their cyber attack and defense capabilities. The U.S. was reportedly the first country to develop and deploy a cyber weapon in 2008. The worm, called Stuxnet, was created to sabotage nuclear enrichment centrifuges in Iran, and effectively did so with the help of the Israeli government. Also in 2008, a section of the BTC pipeline exploded in Turkey due to a successful cyberattack that shut down alarms and surveillance systems before pressurizing the oil leading to an explosion.
Germany experienced an industrial cyber attack in 2014 that resulted in physical destruction. Malicious actors manipulated and disrupted the control systems of a steel mill, resulting in severe damage when the hackers prevented the blast furnace from shutting down. It has also been reported Russia hacked the Ukrainian power grid in 2015 and 2016. Russia has also been accused by the current U.S. administration of a series of cyber attacks on American power plants, water facilities, and electrical grids, dating back to 2015.
Potential Targets
Photo by Patryk Grądys on Unsplash
As seen from earlier attacks, civilian infrastructure is a likely future target. Although attention given to the power and energy sectors is deserving, vulnerabilities can be found anywhere industrial control systems are located. Malicious actors could exploit the digitization of operational systems, our rapid adoption and proliferation of the Internet of Things (IoT), and susceptibilities within the supply chain to bring cyber risks into personal and professional domains like the following:
- Power plants & other parts of the energy grid
- Water treatment plants
- Chemical facilities
- Telecommunications – networks and devices
- Transportation – railway routing systems, commercial and personal vehicles
- Financial networks – banks, ATMs
- Healthcare facilities – hospitals
- Laboratories – pharmaceuticals, research
For many organizations, a major cyber attack that renders physical damage could be catastrophic.
We’re All In This Together
With both the threat and range of organizations with vulnerabilities likely to grow, the onus is on states, organizations, and individuals to communicate and work together to help mitigate cyber risk across shared networks. The World Economic Forum System Initiative on Shaping the Future of Digital Economy and Society is helping to work towards these goals. As an international organization, the Forum provides: “a platform for leaders from all stakeholder groups from around the world – business, government and civil society – to come together.” This project supports enterprise and national-level development of cyber resilience governance capabilities by sharing best practices, creating tools, and fostering discussion and cooperation between the public and private sector about shared security responsibilities.
How Your Organization Can Take Action
Photo by Pixaby at Pexels
As the frequency and intensity of digital attacks continues to grow along with the average cyber attack cost, security and risk mitigation stakeholders have realized the urgent need to reinforce current security measures. Training is critical for all those involved with operational technologies. If not trained properly, people can be the weakest link in your system, therefore verifying credentials has never been more important. More and more companies are at risk of cyber attacks that cause considerable physical damage and business interruption, and while the challenges of planning for cyber attack risks may seem daunting, the best approach begins with mitigating human-driven risks for your organization.
How Prescient Can Help
Implementing an effective cybersecurity program is no longer as simple as addressing weak technologies, vulnerable software, or malicious code. When it comes to disastrous breaches (with the potential for physical damage), the greatest risks can often stem from human error, improper data handling, or actions taken by third parties outside of your control.
Our experts leverage a robust collection of investigative tools and technologies to initiate post-incident remediation strategies, locate stolen data, and identify wider human-centered security vulnerabilities. In addition to these Cyber Intelligence solutions, we also supplement traditional cybersecurity services with highly specialized due diligence that proactively screens data handlers for elevated risks.
Cyber Intelligence Benefits:
- Enhance data security and mitigate cyber risks
- Reduce insider fraud, theft, and data leakage
- Intelligence community-driven research
Our Background
Prescient began as an intelligence and national security contractor serving U.S. Defense and Intelligence clients. Today, we work with clients in a range of industries to offer due diligence, investigations, cyber intelligence and background checks that empower confident decision making. Our insights are designed to help your team ensure the people your company engages with don’t present hidden risks down the line.
Sources:
- https://www.forbes.com/sites/mikescott/2018/03/07/energy-industry-worried-about-cyber-attacks-but-doesnt-really-know-what-to-do/2/#3511fb759b64
- https://www.csoonline.com/article/3237324/cyber-attacks-espionage/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html
http://www.eweek.com/security/concern-rises-about-cyber-attacks-physically-damaging-industries
https://www.airmic.com/news-story/why-companies-underestimate-physical-damage-cyber-attacks - https://www.forbes.com/sites/laurencebradford/2018/03/30/why-people-should-learn-about-cybersecurity-in-2018/#8cf6c75d0056
- https://www.computerweekly.com/news/252440406/ARM-aims-to-boost-physical-security-of-IoT
- https://www.csoonline.com/article/3218104/malware/what-is-stuxnet-who-created-it-and-how-does-it-work.html
- https://www.wired.com/story/russian-hackers-attack-ukraine/
- https://www.cebit.de/en/news-trends/news/digital-arms-race-315
- https://www.wired.com/story/worldwide-threats-briefing-russia-election-china/
- https://www.bloomberg.com/news/articles/2014-12-10/mysterious-08-turkey-pipeline-blast-opened-new-cyberwar
- https://www.jltspecialty.com/our-insights/publications/risk-specialist/risk-specialist-december-2015/5-physical-damage-cyber-attacks-that-you-should-know-about
- https://www.weforum.org/system-initiatives/shaping-the-future-of-digital-economy-and-society
- https://www.acs.org.au/content/dam/acs/acs-publications/ACS_Cybersecurity_Guide.pdf