Do you have a Strategy for Cyber-Physical Systems Security?
This review from a Gartner posting in 2021 is worth a summary discussion today. I would like to preface it with a few statements about our organization. Seimitsu’s 38-year history of IT Management, Data Management, Infrastructure Development, Systems Integration, and Cybersecurity posturing makes the organization the right choice to support cyber-physical systems planning. With decades of experience in Healthcare, Municipality support, and Commercial projects management, Seimitsu’s innovation and insight into how to plan, design, or redesign an organization’s systems for the best cyber-physical systems management comes from 100’s of projects supporting client and community partner needs.
In early February 2021, an unknown hacker remotely accessed a computer system at a water treatment plant in Florida and attempted to increase the amount of sodium hydroxide in the water supply to potentially dangerous levels.
An operator noticed the intrusion, but the incident shows the potential for harm when the cyber and physical worlds intersect. These cyber-physical systems introduce a new set of risks that few security and risk leaders have had to consider.
Although enterprise IT security is generally well-known and managed, cyber-physical systems challenge traditional security approaches. That’s because these systems process more than information; they manage and optimize physical outcomes, from individual processes to entire ecosystems.
The risks are real
Some types of threats to cyber-physical systems go way back, for example, insider threats. In 2000, a disgruntled contractor manipulated SCADA radio-controlled sewage equipment for the Maroochy Shire Council in Queensland, Australia, to dump 800,000 liters of raw sewage into local parks.
More recently, ransomware attacks have brought down gas pipelines, halted logistics operations and disrupted steel production. GPS spoofing has affected ship navigation, and hackers accessed a casino’s high-stakes gamblers database through an aquarium.
Statistics of Concern for the Future
Gartner Predicts 75% of CEOs Will be Personally Liable for cyber-physical systems Incidents by 2024. Attacks on cyber-physical systems (CPSs) can quickly lead to physical harm to people, destruction of property, or environmental disasters. This high level of physical and structural harm that comes from large-scale cyber-physical systems attacks will have regulators and legal teams looking for who should be held accountable for the failure to provide focus on the issues that were present. Gartner predicts that the financial impact of CPS attacks resulting in fatal casualties will reach over $50 billion by 2023. Beyond just the concern for the actual value of human life, organizations will face a whole slew of costs in terms of compensation, litigation, insurance, regulatory fines and reputation loss that will be significant for those not postured to weather CPS attacks. It has been found that many leaders are not currently aware of the CPSs currently deployed in their organizations. Operational Resilience Management (ORM) which goes beyond information-centric cybersecurity will need to be accounted for by organizations with a large CPS integration.
Plan for cyber-physical systems security
What should leadership teams be doing now? A review of organizational policies and procedures to find gaps in accountability and management of critical systems is a great starting point. This should be coupled with a mapping of all legacy and contemporary systems that have been connected in recent years and a clear understanding of what the risks of these integrations are that the organizational leadership should be aware of. This should be an add-on to your organization’s documented business strategy with a strong focus on identifying the technology drivers and environmental trends that are unique to your enterprise and mapping them to cyber-physical risk.
Seimitsu’s team of skilled and knowledgable staff can help your organization find these risk, cut costs, and improve your cyber-physical systems posture. Contact us today to begin this discussion!
