It was back in 2012 when the then Defense Secretary of the United States warned of the possibility of the country facing a “cyber-Pearl Harbor”. He painted a bleak possibility – that extremist groups and enemy nations would use cyber tools to gain access to critical switches and disrupt transport and infrastructure.
While an attack on such a grand scale has not materialized as yet, Panetta’s warning sounds even more pertinent in this day and age of the Internet of Things (IoT). We live in the era of smart, where every device has the smart label in front of it – smart televisions, smart vehicles, smart cities, smart toasters, smart lights, etc. The boundaries between the physical and the cyber has merged and there has been a rise of cyber-physical attacks – cyber attacks which have an impact in the physical world as well.
Not a new phenomenon
Of course, perhaps the most noteworthy cyber-physical attack was the Stuxnet malicious worm, discovered in 2010. While no one has claimed responsibility, it caused substantial damage to Iran’s nuclear program, causing the nuclear centrifuges to tear themselves apart. It was believed to be created by American & Israeli cyber experts.
But in recent years, there have been examples of cyber-physical attacks at a much lower scale but with a similar likelihood of destruction. In Italy this year, some researchers travelled to various construction sites and demonstrated to workers there that they could easily take control of construction cranes remotely making them perform actions they wished. The message was clear – construction cranes are incredibly vulnerable and in the hands of a malicious group, could cause immense destruction.
Shock and awe
At a grander scale, power grids in Ukraine were successfully targeted in December 2015 and the consequences were severe. Electricity supply was disrupted and more than 230 thousand people were left without power for one to six hours. In Germany in 2014, a cyber attack caused massive damage at a blast furnace in a German steel mill when attackers gained access to control systems, which led to parts of the plant failing and the blast furnace being damaged.
It’s quite clear then that enterprises also must take note of this growing and troubling trend of cyber-physical attacks and take the necessary steps required to secure themselves against this growing threat. Some of the ways they can do that is through:
- Plug the gaps – Most cyber-physical attacks happen due to gaps in the enterprise’s network security. Enterprises must constantly keep monitoring their security perimeters and step in to plug those gaps as soon as possible.
- Understand your environment – It is important for organizations to have an ear to the ground regarding the industry they operate in and what are the new threats. Staying aware of the new trends and vulnerabilities will ensure that they can react and respond to threats as soon as they emerge.
- Create a culture of security – It is incumbent on enterprises to create a security-first approach in their organization. This includes training employees on the importance of cybersecurity, ensuring that there are strict policies regarding cybersecurity with compliance to it.
- Include physical security with cybersecurity – As mentioned earlier, the boundaries between the physical and digital worlds are converging and enterprises must be secure in both the worlds. Physical security is also paramount in this regard with strict rules against tailgating, secure access control systems and proper storage of confidential information.
- Use a secure cybersecurity solution – A strong cybersecurity solution will allow enterprises to secure their defenses along with monitoring their network activity. Enterprises can consider Seqrite’s Endpoint Security (EPS) which is a simple and innovative platform integrating advanced technologies to protect the network.