How to Prevent Cyber-Physical Attacks

Our lives increasingly depend on interconnected cyber-physical systems (CPS). This will only accelerate as our reliance on online access to physical systems for greater automation, control, efficiency, and convenience continues to grow. However, with this hyperconnectivity come new attack vectors because many of these systems were not necessarily designed to co-exist seamlessly. This is par for the course with technology evolution and will take years, if not decades, before a new generation of cyber-physical systems emerges with more natively integrated security processes and pathways. In the meantime, as compensating controls, we need to introduce basic security hygiene practices that are missing from many, newly integrated cyber-physical systems.

Why You Should Care

The security industry has been caught in a cycle of fixing exposures and playing the cat-mouse game of cyber defense and offense. Now, with cyber-physical systems, the stakes are much higher. While compromised IT networks and security breaches that exfiltrate personal data can have significant financial and reputational implications, they don't threaten the physical world we live in and the systems we depend on. This "newer" wave of attacks that take advantage of cyber-physical integration is different in severity and priority because they put our lives and livelihoods at risk.

Here are just a few examples:

• The WannaCry ransomware attack fueled extensive shutdowns of healthcare systems, emergency services, and countless other organizations globally in 2017. Losses were estimated at more than $4 billion. But beyond the financial impact, hospital services were disrupted due to the impact on medical devices and supplies of medication.

• The Norsk Hydro attack that halted production of one of the largest aluminum manufacturing facilities due to safety and environmental concerns, resulted in more than $75 million in losses in 2019.

• The Colonial Pipeline attack in 2021 led to the first major shutdown of critical infrastructure due to a cyberattack in U.S. history. Record-breaking fuel shortages impacted millions of people along the East Coast and triggered rising gasoline prices and panic buying.

• And, tragically, a ransomware attack on a hospital may have led to the death of a baby, since healthcare workers didn't have access to medical equipment and devices they usually rely on to monitor birth progress.

What You Can Do

Such attacks will inevitably continue since threat actors have figured out that organizations will pay ransoms when important cyber-physical systems are being held hostage. While you cannot prevent criminals from making you a target, you can make it harder for them to achieve their mission and thus move on to easier targets. And if an attack does happen, you can mitigate risk by planning how to respond.

Following are a few recommendations to help protect against attacks that compromise cyber-physical systems in industrial, healthcare, and enterprise environments:

Extend your cyber governance model to include cyber-physical systems

What systems do you have in your organization that you're currently not aware of or not monitoring? Start by adding them to your asset visibility and asset management journeys. This should include every device and system across manufacturing processes and building automation systems, including Internet of Things (IoT) and Industrial IoT devices. Healthcare providers should include medical imaging equipment such as MRI machines and CT scanners, as well as internet of medical things (IoMT) devices such as smart vitals monitors and infusion pumps that support critical care delivery in healthcare environments. If you cannot get to everything, prioritize the more critical processes, machines, and devices.

Assess your overall security posture

Just as you do for the rest of your IT devices, you need to know what vulnerabilities are present within your cyber-physical systems. If those cannot be patched, what compensating controls can you deploy? Understanding your level of exposure will help you decide where to focus your resources and budget.

Monitor cyber-physical systems for deviations and lateral movement

Ideally, your monitoring technology stack can extend to cover cyber-physical systems and the ways in which they are interconnected to the rest of your network. This is particularly challenging for healthcare settings, such as hospitals where IoMT devices are on the same networks as IT devices and there is little or no segmentation. In this case, applying the same threat monitoring rigor as you do to the rest of the network is especially important to help ensure communication across systems is done securely.

Plan for a ransomware attack

Ideally, you've protected your most important systems and critical processes. But regardless, you should always have contingencies in place: whether that's shutting down critical processes that are impacted, moving to manual methods such as involving humans to monitor patients in the case of the hospital ransomware, or whatever measures apply to your specific situation. Figuring this out on the fly, after you've become a victim, usually leads to disaster. As the famous quote goes: Plans are worthless, but planning is everything.

We're Here to Help

With the pervasive growth of cyber-physical systems and the additional risks they present, Claroty and Medigate are excited to be working together to build a future where cyber and physical worlds safely connect to support our lives. Learn more about how we are advancing our mission to cover all types of connected assets found in industrial, healthcare, and enterprise environments – also known as the Extended Internet of Things (XIoT) – to help organizations better protect themselves and adapt more effectively during times of crisis.