The Impact of Geopolitics on CPS Security

The explosive growth in CPS interconnectivity, coupled with the rapidly evolving geopolitical landscape and opportunistic criminals, makes for a dangerous situation. 

The world changed fundamentally during the pandemic. Businesses were affected profoundly as they were forced to undergo digital transformation quickly to survive. And for organizations that were able to truly excel at it, digital transformation became a differentiating advantage. Of course, shareholders clearly saw the cost and competitive advantages of digital transformation and there is no turning back.

Our physical world has become very dependent on its digital components so we can share data and take advantage of simplified and more efficient workflows. The challenge now is that we are in a position of playing catch-up because all that extra connectivity needs to be secured. While the need to secure cyber-physical systems (CPS) is nothing new, the pandemic has escalated it in ways none of us could have anticipated or prepared for out of the gate. For example, who could have imagined a 63-fold increase in telehealth utilization or that 80% of remote-capable workers would continue to work remotely at least part of the time?

Geopolitics up the ante

We’re dealing with the usual suspects, mainly Russia and China, with Iran emerging. But Russia is at the top of the list, as they have demonstrated they are both capable and, in the current climate, motivated to add cyberattacks to their arsenal. As we have seen in the past, Russia doesn’t hesitate to deploy destructive cyber weapons with the potential to paralyze vast portions of Operational Technology (OT) networks: they proved that in 2016 with the NotPetya attack, which paralyzed many organizations. Now, in the era of hybrid war, the increase in attacks on critical infrastructure and the impact of the geopolitical conflict on the world are significant.

As Russia loses more ground in the invasion of Ukraine and pressure from the U.S. and our allies continues to mount, we are likely to see cyberattacks increasingly used as a weapon. CPS and the networks they operate on are obviously attractive targets because of their criticality levels and potential for sabotage. We’ve already seen many examples this year.

In April, Unit 74455 of Russia’s GRU military intelligence agency targeted high-voltage electrical substations in Ukraine using a variation of Sandworm’s Industroyer malware, which is designed to automatically trigger power disruptions. And in June, Gen. Paul Nakasone, the head of U.S. Cyber Command, confirmed for the first time that the U.S. had conducted offensive cyber operations in support of Ukraine. This is undoubtedly putting more pressure on Russia.

In response to cyber pressure, NATO expansion considerations, sanctions, and other actions and operations, we’ve seen a much more aggressive Russia in the form of scaled cyberattacks across many sectors including power and utilities, oil and gas, manufacturing, transportation, and healthcare, as well as direct targeting of those critical infrastructure networks. The objectives vary, but what they all have in common is the fact that those CPS networks are essential to operations and therefore valuable in this geopolitical conflict.

A call to arms

The U.S. Government has responded with a number of structured initiatives, starting with the Cybersecurity and Infrastructure Security Agency (CISA)’s Shields Up campaign, designed to help organizations of all sizes prepare for, respond to, and mitigate the impact of cyberattacks.

This was soon followed by the enactment of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. Although the details of the reporting requirements for cyber incidents and ransomware payments are still being worked out, the basic premise of this coordination and collaboration will allow for much broader visibility into critical infrastructure networks, and lack of visibility is one of the biggest disadvantages defenders have. In many cases, we simply don’t have enough security telemetry from those CPS environments to provide the assistance and guidance that would prevent other organizations from falling victim to a similar incident, or to identify trends that help us get ahead of future threats. Most recently, CISA’s release of its Cross-Sector Cybersecurity Performance Goals (CPGs) is another initiative that drives towards a baseline of defense with a set of pragmatic practices to accelerate risk mitigation.

The message across these initiatives is loud and clear. When we have greater visibility into our CPS environments, we can understand our risk and take the necessary steps to protect these critical systems and pathways. We can also use the information to our advantage in the form of early warnings about emerging threats, thereby proactively strengthening our security posture. Business leaders have demonstrated to shareholders the value of digital transformation, but the surge in attacks and the multi-faceted response from the U.S. Government reflect how vulnerable our CPS environments are. Now we need to show that we are taking the right steps to protect these high-value systems that are in the crosshairs.

Written By

Galina Antova is the Co-founder and Chief Business Development Officer at Claroty. Prior to that, she was the Global Head of Industrial Security Services at Siemens, overseeing development of its services that protect industrial customers against cyber-attacks. She was also responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services for industrial control systems operators. Previously, Ms. Antova was with IBM Canada, with roles in the Provisioning and Cloud Solutions business. She holds a BS in Computer Science from York University in Toronto, and an MBA from the International Institute of Management and Development (IMD) in Lausanne, Switzerland.