The industrial cybersecurity threat landscape moves at a slower and more rigid
pace than the information technology threat landscape in general. Attacks on
Industrial Control Systems (ICS) are still hard to monetize. Industrial organizations are still out of scope for the majority of cybercriminals. They are a relatively new target for adversaries who have already started attacking them. These are still applying existing tools and tactics to their attacks.
Kaspersky Lab specialists have spent a few years investigating the cyberthreat
landscape for industrial organizations and trying to bring their expertise and
technology to OT environments.
The increasing amount of automation systems, the variety of automation tools, number of organizations and individuals with direct or remote access to automation systems, as well as the emergence of communication channels for monitoring and remote control between previously independent objects – all expand the opportunities for criminals to plan and execute their attacks.
A decrease in profitability and increase in risks from cyberattacks aimed at traditional victims is pushing criminals to search for new targets, including those within industrial organizations. At the same time, special services in many countries and financially motivated groups, are actively engaged in the research and development of techniques to implement espionage and terrorist attacks aimed at industrial enterprises.
Taking into account the current geopolitical context, the development of industrial enterprises’ automation systems, and the transition to new management processes and models of production and economic activity, this situation will continue to develop in the coming years, negatively affecting industrial organizations.
Underestimation of general threat levels
A lack of public access to information about information security issues within industrial enterprises, coupled with the relative rarity of targeted attacks on automation systems, an excessive belief in emergency protection systems and the denial of objective reality is having a negative effect on the assessment of threat levels by owners and operators of industrial enterprises and their personnel.
In the world of industrial cybersecurity, several high–profile incidents carried out with the help of targeted attacks against a very limited number of victims, created an information landscape that formed fully the idea of a potential threat – both among information security researchers and security developers, and among potential users of these tools.
However, the professional reporting of these incidents was often too difficult to understand by the majority of potential users, and was devoid of important OT details. The information field formed in these conditions, including the absence of a daily need to deflect the attacks aimed at automated control systems, gave developers a chance to create products that might protect better from the artificial scenarios thought up by researchers themselves, than from real world day-to-day threats. This could leave the automation systems of industrial enterprises vulnerable to real life attacks, including random ones and targeted attack campaigns organized by cyber criminals.