It has become a more customary occurrence on operational technology or OT – hardware and software that controls equipment, assets, and processes – to be targeted and attacked.
Studies from a research and advisory firm, Gartner, have observed that by the year 2025, cyber threats and attackers could have effectively weaponised the operational technology (OT) environment to harm humans, or worse, kill them. All these are amid the hyper-competitive security system happening all over the world.
It has become a more customary occurrence on operational technology or OT – hardware and software that controls equipment, assets, and processes – to be targeted and attacked, as said by Gartner in a release.
These OT attacks have also developed a method to cause physical damages as a clear intention coming from initially disrupting industrial environments’ integrity – bearing in mind that they have once started from just damaging processes to be able to shut down plants. The firm has also stated that appropriate segmented networks and arrangements for IT and OT environments should now be considered a critical concern from the other events happening, such as the Colonial Pipeline ransomware attack.
As highlighted by Wam Voster, Gartner’s senior research director, all security and risk management leaders inside operational environments must exhibit a more apprehensive concern towards real-world dangers to both environment and humans, aside from merely focusing on information theft. Moreover, he emphasised the alarming struggle of defining proper control frameworks inside organizations in asset-intensive industries such as resources, utilities, and manufacturing – as concluded from their inquiries from their clients in Gartner.
There are three main objectives of security incidents in OT and other cyber-physical systems or CPS, as also mentioned by Gartner, that have been pointed out. These objectives include physical harm, commercial vandalism, which aims to reduce productivity, and reputational vandalism, which seeks to turn manufacturers into unreliable and defective cohorts.
By 2023, it has been predicted by the research firm that the fatal casualties from these CPS attacks could result in severe financial impact for over USD 50 billion.
Adding also into predictions that organisations will suffer a significant loss concerning insurance, litigation, compensation, reputation loss, and regulatory fines, even if the merit of human life is not considered. These incidents and liabilities are probed to be shouldered by the CEOs of these organisations.