When we hear about financial institutions or large corporations being hacked, our first reaction may be: oh boo hoo, a company with loads of money got hacked and lost some IP, or perhaps had to pay some ransom... but what about when it affects utilities, i.e. your heat, gas, power, hospitals, waste management, transport, and the other areas necessary for society to function?
An area of cybersecurity that I am particularly interested in, but have little knowledge of if I am being honest, is that of OT and ICS. Operational Technology (OT) is the computing systems used to monitor and manage industrial operations, not the administrative side like HR; this is the production-line equipment of the factory floor. A big part of this is ICS, or Industrial Control Systems, which, as the name suggests, monitor and control mission-critical industrial processes.
These Industrial Control Systems are often managed via Supervisory Control and Data Acquisition (SCADA) systems, which play a role similar to a SOC analyst's SIEM tool: operators in manufacturing plants use them to watch process data and alarms and to send supervisory commands to the controllers in the field. Distributed Control System (DCS) is another term you may see; a DCS is similar to SCADA but is generally confined to a single site or plant, whereas SCADA typically supervises assets spread over a wide geographic area (pipelines, water networks, power distribution).
For those wanting an understanding of, or even certification in, this area, Udemy and Coursera offer some basic courses, and even CISA (https://ics-training.inl.gov/) has free training available, but be warned: the CISA training has a very US-patriotic feel, which for me, being a non-US citizen, is a little too much, and in my opinion the material needs major reworking to make it more digestible.
Tone aside, the threat is very real. Beyond Russia's genocidal invasion of Ukraine (previous invasions aside...), Russia, Iran, North Korea and other threat actors will continue attacks on infrastructure, as seen here: https://www.bbc.com/news/world-us-canada-68186945
Here is an article that argues these types of attacks require more effort than other cyber attacks, but when it is an APT (i.e. government-sanctioned or government-aided) attack, I am sure the ideology held by the APT group members deems the effort worth it. My feeling is that threat intelligence researchers are well aware of this and that we will see more slow and stealthy attacks on OT in the foreseeable future.
https://www.darkreading.com/cyberattacks-data-breaches/brief-history-of-ics-tailored-attacks
For reference on APT groups:
