1

Gartner: Cybercriminal Can Harm or Kill Humans?

Désolé, cet article est seulement disponible en en, ru et ua.

Gartner predicts that by 2025, cybercriminals will have weaponized operational technology (OT) environments to successfully harm or kill humans.

 

It sounds scary, let’s figure out what is what and if there is a way to prevent it.

 

What is OT?

 

Operational technology (OT) – hardware and software that monitors or controls equipment, assets, and processes. Attacks on OT have also revolutionized from immediate process disruption such as shutting down a plant, to compromising the integrity of industrial environments with intent to create physical harm.

 

Organizations can reduce risk by implementing a security control framework.

 

According to Wam Voster, senior research director at Gartner, in operational environments, security and risk management leaders should be more concerned about real-world hazards to humans and the environment, rather than information theft.

 

According to Gartner, security incidents in OT have three main motivations: actual harm, commercial vandalism (reduced output), and reputational vandalism (making a manufacturer untrusted or unreliable.)

 

Gartner predicts that the financial impact of such attacks resulting in fatal casualties will reach over $50 billion by 2023. Even without taking the value of human life into account, the costs for organizations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant. Gartner also predicts that most CEOs will be personally liable for such incidents.

 

So what’s to be done?

 

Gartner recommends that organizations adopt a framework of 10 security controls to improve security posture across their facilities and prevent incidents in the digital world from having an adverse effect in the physical world.

 

1.  Define roles and responsibilities

 

Appoint an OT security manager for each facility, who is responsible for assigning and documenting roles and responsibilities related to security for all workers, senior managers, and any third parties.

 

2. Ensure appropriate awareness training

 

All OT staff must have the required skills for their roles. Employees at each facility must be trained to recognize security risks, the most common attack vectors, and what to do in case of a security incident.

 

3. Implement and test incident response

 

Ensure each facility implements and maintains an OT-specific security incident management process that includes four phases: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.

 

4. Backup, restore, and disaster recovery

 

Ensure proper backup, restore and disaster recovery procedures are in place. To limit the impact of physical events such as a fire, do not store backup media in the same location as the backed-up system. The backup media must also be protected from unauthorized disclosure or misuse. To cope with high severity incidents, it must be possible to restore the backup on a new system or virtual machine.

 

5. Manage portable media

 

Create a policy to ensure all portable data storage media such as USB discs and portable computers are scanned, regardless of whether a device belongs to an internal employee or external parties such as subcontractors or equipment manufacturer representatives. Only media found to be free from malicious code or software can be connected to the OT.

 

6. Have an up-to-date asset inventory

 

The security manager must keep a continuously updated inventory of all OT equipment and software.

 

7. Establish proper network segregation

 

OT networks must be physically or/and logically separated from any other network both internally and externally. All network traffic between an OT and any other part of the network must go through a secure gateway solution like a demilitarized zone (DMZ). Interactive sessions to OT must use multi-factor authentication to authenticate at the gateway.

 

8. Collect logs and implement real-time detection

 

Appropriate policies or procedures must be in place for automated logging and reviewing of potential and actual security events. These should include clear retention times for the security logs to be retained and protection against tampering or unwanted modification.

 

9 Implement a secure configuration process

 

Secure configurations must be developed, standardized, and deployed for all applicable systems like endpoints, servers, network devices, and field devices. Endpoint security software like anti-malware must be installed and enabled on all components in the OT environment that support it.

 

10. Formal patching process

 

Implement a process to have patches qualified by the equipment manufacturers before deploying. Once qualified, the patches can only be deployed on appropriate systems with a pre-specified frequency.

 

Source: Gartner

Related Posts

card__image

Cyberattacks on Critical Infrastructure: The Digital Battlefield

Désolé, cet article est seulement disponible en en et ua. Cyber threats are escalating in critical sectors like energy and healthcare. Recent warnings from CISA, NSA, and FBI highlight vulnerabilities exploited by Chinese-linked operations.   In today’s world, it’s hard to miss the constant buzz about cyber threats, especially when they hit critical infrastructure and […]

card__image

Surge in DDoS Attacks: Gcore Report Reveals 46% Increase in First Half of 2024

Désolé, cet article est seulement disponible en en, ru et ua. Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats. Here, we share […]

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *