The loss of critical data, operational disruption, financial loss, most of all reputational damage – These are all considered to be common impacts of a cyberattack. While all these factors cause an enormous negative effect on the business, none of them cause any physical damage – perhaps this is the reason cyberwar is often called “war over the wire”. And only when individuals and organizations were building and rebuilding their cyber security frameworks – Scott Applegate’s words about “The Dawn of Kinetic Cyber” seems to be slowly turning into a sharp reality. Cybercriminals are no longer following the path of non-violence. Depending on the monetary gains and national interests, these criminals have switched to causing physical damage and are not afraid to fight till the death.
As we switch to getting “smart” in almost every aspect of our lives with easy adoption of the Internet of Things (IoT) and Industrial Control Systems (ICS), we end up building cyber-physical systems (CPSes) around us. In 2006, Dr. Helen Gill of the National Science Foundation defined these systems as “physical, biological, and engineered systems whose operations are integrated, monitored, and/or controlled by a computational core. Components are networked at every scale. Computing is deeply embedded into every physical component, possibly even into materials. The computational core is an embedded system, usually demands a real-time response, and is most often distributed.”
So, if you think about it, from our water management systems and power grids to automated insulin pumps and defibrillators – most of us are surrounded by CPSes on a regular basis. While there is hardly any doubt that these CPSes have enhanced and improved the way we lead our lives, we cannot deny the inherent exposure to the disquieting possibilities of a tangible cyber threat.
Even though the timeline of cyber-kinetic attacks can be traced beyond the Stuxnet attack on the Iranian nuclear facility (2009-10), the 2021 incident wherein a hacker tried to pump a dangerous amount of chemicals into the water system of Florida – highlights the implications of such attacks.
As highlighted in our Cyber Security Predictions for 2022, kinetic-cyber results in:
Our cyber threat intelligence team observes that verticals like critical infrastructure, healthcare, and research, would be targeted predominantly because of the ongoing COVID-19 pandemic, and the availability of vulnerable assets, including unpatched, outdated, or forgotten assets still in use.
Therefore, it is time organizations move beyond the traditional security paradigm and adopt solutions that are in sync with the emergent threat landscape. Some of the best ways in which one can future-proof against cyberattacks, especially kinetic-cyber are: