Blog / 10 min read
The term “cyber-physical systems” or in short, CPS, was coined more than 15 years ago, but it is now entering the mainstream as digital transformation intensifies, and operational technology (OT) environments become increasingly interconnected with IT systems and Internet of Things (IoT) devices. Cyber-physical systems encompass OT assets and systems, along with a proliferation of connected devices. As a result, when we think about protecting OT environments, we need to start thinking of cyber-physical systems security more holistically, because it better reflects the reality we operate within today, as our physical world connects more deeply and broadly with our digital world.
Let’s take a closer look at this evolution in cybersecurity:
Cyber-physical systems are defined by Gartner as engineered systems that orchestrate sensing, computation, control, networking and analytics to interact with the physical world — resulting in improved operations, resilient, reliable systems, and a deeper understanding of the physical things they control. As cyber-physical systems face new threats, and challenge traditional IT approaches, it is now more important than ever for organizations to incorporate CPS into their security strategy.
According to the DHS, cyber-physical systems security addresses security concerns for cyber physical systems (CPS) and internet of things (IoT) devices. Cyber-physical systems and the extended internet of things (XIoT) have become an increasingly integral part of critical infrastructure, government and everyday life. Key examples of CPS include patient monitoring in hospitals, intelligent buildings, smart electric grids, and autonomous vehicles. These smart networked systems interact with the physical world to support real-time, guaranteed performance in safety-critical applications. Although these devices help to sustain our lives, they also greatly increase cybersecurity risks and attack surfaces — and the consequences of unintentional faults or malicious attacks could have a severe impact on human lives. As more and more devices become interconnected, securing both the cyber and physical world will only become more challenging, making it paramount for organizations to implement CPS security
In the past, IT and OT were seen as distinct and isolated business domains. IT focused solely on capabilities necessary to process data, while OT focused solely on devices responsible for monitoring or carrying out physical processes.
However, as digital transformation accelerated, connecting OT networks to IT systems and the Internet has unlocked tremendous business value – enabling improvements in operations efficiencies, performance, and quality of service. The level of interconnectivity introduced by the rise of the IoT — including more sector-specific concepts such as the Industrial Internet of Things (IIoT) and Internet of Medical Things (IoMT), along with the holistic Extended Internet of Things (XIoT) — further fueled IT-OT convergence. And now we’ve reached a point where our physical world is very dependent on its digital components.
While the terms IT and OT can be applied to specific devices, hardware, and software, the expanding interface between cyber (i.e., IT) and physical (i.e., OT) technologies has given rise to the concept of cyber-physical systems with applications including heavy industry, healthcare, building management systems, and critical infrastructure. Even our most basic needs like food, water, and healthcare depend on cyber-physical systems and the connected devices that underpin them.
According to the DHS, cyber-physical systems security addresses security concerns for cyber physical systems (CPS) and internet of things (IoT) devices. Cyber-physical systems and the extended internet of things (XIoT) have become an increasingly integral part of critical infrastructure, government and everyday life. Key examples of CPS include patient monitoring in hospitals, intelligent buildings, smart electric grids, and autonomous vehicles. These smart networked systems interact with the physical world to support real-time, guaranteed performance in safety-critical applications. Although these devices help to sustain our lives, their interconnectivity has also greatly increased cybersecurity risks and attack surfaces — and the consequences of unintentional faults or malicious attacks could have a severe impact on human lives. As more and more devices become interconnected, securing both the cyber and physical world will only become more challenging, making it paramount for organizations to implement CPS security.
This distinction of cyber-physical systems as an overarching term that comprises multiple assets and systems across multiple environments interacting with one another is important, as it helps explain the security challenges.
Since cyber-physical systems are complex, comprise different types of devices and different protocols, and are connected to each other and to the Internet, securing them is both challenging and critically important.
Cyber-physical systems challenge traditional security approaches, and with the complexity and variety of old and new connected assets, organizations are beginning to recognize that OT is not the only cyber-physical asset they have to contend with. The internet of things (IoT), industrial internet of things (IIoT), internet of medical things (IoMT), and smart buildings, to name a few, are cyber-physical systems that do more than just process data. These assets straddle the cyber and physical worlds and are typically deployed in operational or mission-critical environments, where human safety and operational resilience are top priorities. This is par for the course with technology innovation, and it will take years, if not decades, before a new generation of connected assets emerges with more natively integrated security processes and pathways.
Technological advancements have enabled a broad range of new devices; however, these devices are being created and deployed without safety and security in mind. This challenge, coupled with the fact that many device lifespans are measured in decades, mean current designs could impact the next several decades. Analyzing, understanding and addressing these issues in the early stages will help organizations to develop a sound strategy when it comes to CPS security.
At the same time, cyber-physical systems are attractive targets because of their criticality levels and vulnerabilities that leave them open to attack. While compromised IT networks and security breaches that exfiltrate personal data are very costly and have other financial implications, they don’t threaten the physical world we live in and the systems we depend on. Lives and livelihoods are at risk when cyberattacks spillover into the OT realm and have a physical impact. Some examples of threats associated with cyber-physical systems include:
Malware: Targeted attacks against a Ukrainian electricity provider using Industroyer2, a variant of the 2016 Industroyer malware left a portion of the country in the dark.
Ransomware: A ransomware attack crippled a nearby hospital in Düsseldorf, Germany, leading to the death of a patient seeking emergency care.
Unauthorized Remote Access: Cybercriminals were able to successfully launch an attack on Colonial Pipeline by stealing one password from the VPN login belonging to an employee believed to be inactive. This attack compelled operators to shut down oil and gas delivery to millions of people to mitigate impact to the OT network.
Distributed Denial-of-Service (DDoS) Attacks: Russian threat actors launched a series of DDoS attacks against commercial satellite networks to disrupt Ukrainian command and control with spillover impacts on other European countries.
Service Tampering: White-hat hackers have demonstrated vulnerabilities in IoMT devices that allow them to increase dosages or manipulate shocks that result in sudden death.
Supply Chain Attacks: The SolarWinds hack accident enabled a threat actor to establish a foothold in Orion users’ networks and move laterally to gain access to other network domains in order to steal data or exploit other vulnerabilities.
The range of types of attacks across sectors also reflects another challenge with cyber-physical systems security: a breadth and depth of domain knowledge to understand how best to secure each environment while operating within the models and methods unique to each. IT security teams typically prioritize confidentiality of data over integrity and availability, while teams that run OT networks prioritize availability (or uptime) over integrity and confidentiality. Respecting those priorities within the paradigms of each sector is paramount.
Clearly, the scope of cyber-physical systems goes beyond just OT. However, OT is arguably the most foundational component, as it embodies the “P” in cyber-physical systems and bridges the gap between the cyber and physical worlds. When Claroty was founded in 2015, our mission was to protect critical infrastructure organizations with the strongest OT security solution on the market, hence the "OT" in Claroty. We also knew that the biggest advantage defenders have is to know their networks better than the adversary. Visibility to provide clarity of what is happening across the entire OT environment including systems and workflows is essential and is also reflected in our name.
So, we developed the Claroty Platform, fueled by broad domain knowledge of physical systems and workflows, along with deep capabilities including full-spectrum visibility, risk and vulnerability management, threat detection, and secure remote access controls – all of which integrate seamlessly with an organization’s existing technology stack. And in 2021, Claroty was named a leader with the top-scored current offering in The Forrester Wave™: Industrial Control System (ICS) Security Solutions, Q4 2021.
With the rise of the XIoT and more complex cyber-physical systems, this foundation has allowed us to evolve our solutions beyond OT security to more holistically address cyber-physical systems security. The central role of OT within cyber-physical systems security, our unmatched visibility and OT protocol coverage, and leading OT security technology and expertise give us the springboard to become the strongest cyber-physical systems security vendor on the market. We have combined these core strengths with strategic investments to bring additional, specialized models and methods into a single platform to help organizations move towards cyber-physical systems security quickly and effectively.
Regardless of what the future brings, one thing is clear: cyber-physical systems and the networks they operate on have become attractive targets for threat actors. These networks are critical, and therefore valuable. As defenders, we need visibility and control over those assets, so we can proactively prepare for the likely scenarios.
Having visibility into all cyber-physical systems assets so you can understand your risk posture, is an excellent first step to prepare proactively and focus on addressing likely paths of attack. In addition to that, sophisticated attacks on cyber-physical systems do require extensive preparation by adversaries and usually take a significant amount of time to carry out, with lots of lateral movement. Having the ability to monitor cyber-physical systems for early warning indicators of compromise gives Claroty customers the home-field advantage of detecting an adversary preemptively and taking necessary steps to mitigate risk.
At Claroty, we’re committed to a future where cyber and physical worlds safely connect to support our lives and we are delivering the leading cyber-physical systems security platform to make that happen. We understand that successful CPS security requires constant monitoring and adaptation to today’s rapidly evolving environment, where threat actors are increasingly weaponizing XIoT. The organizations that support our lives rely heavily on connectivity between the cyber and physical world, making the safety and security of their devices paramount. Guaranteeing this safety starts with a strong CPS security strategy and a robust protection platform that can help.