The pre-pandemic era witnessed negligible cyber-sabotage attacks on manufacturing plants. However, the landscape has shifted alarmingly.
A recent study reveals that over 150 industrial operations were disrupted due to cyberattacks in 2022. The year saw a 2.4x rise in the total number of attacks compared to the previous year. Waterfall Security’s report suggests that at this pace, cyberattacks could incapacitate up to 15,000 industrial sites by 2027.
Escalating Threats to Operational Technology (OT)
Last year witnessed a 140% upsurge in cyberattacks against industrial operations, causing over 150 incidents. The majority of these attacks came in the form of ransomware, targeting primarily Information Technology (IT) networks.
However, Operational Technology (OT) networks were not spared. Although most ransomware attacks disrupted only the IT network, the Waterfall report cautions that physical operations were still affected, either because they depend on IT systems or because organizations shut down operations preemptively, fearing OT network vulnerabilities.
Real-World Consequences Heighten Concerns
The implications of these attacks extend beyond digital disruptions. Noteworthy incidents include outages at major automobile and tire manufacturing plants, flight delays affecting tens of thousands of travelers, and even equipment damage due to fires in metals and mining operations.
Two organizations were pushed to bankruptcy due to these attacks. The number of publicly reported cyberattacks causing physical harm has doubled annually since 2020, according to Waterfall researchers.
74% of the attacks were ransomware
While 74% of the attacks were ransomware, hacktivists accounted for 9%, targeting the industrial sector for political or ideological reasons. In 2022, 17% of attacks had no discernible motive. Hacktivist incidents often correlated with geopolitical tensions, such as the conflict between Iran and Israel or the Russo-Ukrainian skirmish.
Sophistication in Cyberattacks on the Rise
The report also underscores the growing sophistication of attacks. Previously, advanced tactics, techniques, and procedures (TTPs) were the domain of state-sponsored actors. Now, these capabilities are accessible to a broader range of cybercriminal groups, elevating the threat level.
TSA Directives Address IT/OT Convergence
In the wake of the Colonial Pipeline attack, the Transportation Security Administration (TSA) has issued new directives that focus on IT/OT interdependencies. These directives outline specific security measures at the IT/OT boundary, including eliminating all OT-to-IT domain trust relationships and designing OT networks so that they can be isolated from IT networks during incident response.
Addressing OT Security
The alarming increase in cyberattacks on industrial operations underscores the urgency of bolstering OT security. From strategy formulation to vulnerability assessment, the industrial sector can ill afford complacency.