The Physical Ramifications of Cyber Attacks
It seems conceptual on the surface, but that perception is quickly losing its usefulness: kinetic cyber-attacks are working their way toward the mainstream and becoming more commonplace. This growing phenomenon is defined, in terms of cyber threat intelligence, as attacks which, through the use of cyber technology, can inflict physical real-world damage and destruction through the exploitation of weak systems. The ways this can occur varies. From the ability to control cars (which has been demonstrated multiple times, but maybe in the most stunning format by a 2015 New York Times piece which showed vital components like brakes being cut virtually) to something as obscure and difficult to detect as a hacker making a change in a healthcare system's information that leads to the wrong medication being passed out at a hospital. Kinetic attacks can have a remarkable breadth of possibility.
Gaps in the basic hierarchy of Industrial Control Systems (ICS) can be exploited to dramatically change a setting that leads to a kinetic effect in a variety of common industrial resources such as water, electric, gas and oil, as well as pressure-based systems.
Cyber threat intelligence is key here; the knowledge of what ways systems can be affected by a kinetic cyber-attack can lead to early identification and the potential for de-escalation. ICS-related attacks are often masked by maintaining the ordinary look of the system's interface, and because of this, it is difficult to get a quick understanding of the attack. Often, the placement of malware or the presence of a 3rd party in a system, is undetected in the ICS for months before an attack-related action is taken.
Kinetic attacks often lead to direct physical damage, but just as often, they are the first domino in a series of choreographed events from which real-world destruction occurs. Perversely, some critical infrastructures may not seem all that critical, until they are. Where does the source of power for your organization's office actually come from? And, how many stopping points are there along the way that can be avoided? These aren't questions that generally can be easily answered by one lone information officer, and because of that, cyber threat intelligence platforms such as NC4 Mission Center™ can be of terrific use. By tapping into an ever-expanding collaborative intelligence sharing system, organizations can both educate themselves on recent threats, as well as have immediate access to information regarding perceived kinetic attacks.
In a world increasingly driven by the Internet of Things (IoT), the connectivity of systems can be harder to trace and reveal, even within a relatively inclusive organizational community. In Dave Evans' groundbreaking 2010 white paper on the matter, he estimated that by 2020, there will be 6.58 times as many devices connected to the Internet than people on Earth (around 50 billion). It's this intricacy and sophistication that will need a united society to properly track and be prepared for, and it is here where the cyber threat intelligence platform, NC4 Mission Center, again, proves its use. Contact us at 877-624-4999 for more information on how this knowledge platform can be integrated into your organization.
Thanks for contacting NC4! A member of our team will be in touch with you shortly.