Cyber-Physical Systems Under Siege

Recent events have shifted perspective on responsibility and priority.

Venky Raju
Jan 30, 2025
Cps (cyber Physical Systems) Concept Abstract Image 612622938 2124x1416

In recent years, Cyber-Physical Systems (CPS) have become the new “hot target” for cybercriminals. Attacks on critical infrastructure, particularly in the oil, gas, and water industries, are escalating. Most recently, a group of hackers were found tampering with Operational Technology (OT) controls in multiple countries, including U.S. critical infrastructure.

Even the government is taking notice as CISA recently released a fact sheet, Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems, warning of increased cyber risks to water system interfaces, and sharing best practices for operators to protect critical infrastructure. Historically, OT leaders and organizations with CPS focused on productivity, uptime, and quality control, often relegating security to the IT department. However, recent events have shifted this perspective.

An Urgent Call For Robust Security Measures

As commercial attacks on OT systems become increasingly prevalent, organizations are recognizing the critical need for stronger and more comprehensive security measures. With the advent of Industry 4.0, the integration of digital and physical systems means that security breaches can lead to significant real-world consequences.

For example, exploited vulnerabilities can affect the delivery, access, or even quality of essential services such as water. As a result, organizations are starting to face the consequences of vulnerabilities introduced by the growing connectivity between OT and Information Technology (IT) networks, prompting an urgent shift in priorities from productivity and efficiency to robust security measures.

Despite the push for enhanced security, there remains a significant amount of fear, uncertainty, and doubt surrounding the implementation of Zero Trust principles in OT environments. Many organizations worry that strengthening their defenses could introduce obstacles that hinder operational productivity and up-time.

Interestingly, many recent cyberattacks causing physical disruptions were not due to direct manipulation of OT systems, but instead stemmed from IT-based attacks such as ransomware. CPS were consequentially shut down to prevent malware spreading from IT to OT. 

According to the CISA Cross-Sector Cybersecurity Performance Goals Update, March 2023, it recommends reducing the likelihood of breached OT systems by denying access by default and implementing the Zero Trust model. However, OT leaders continue to express concerns about production slowdowns and operational hindrances.

To address this, IT/OT leaders should consider incrementally implementing Zero Trust traffic policies. This approach minimizes the risk of breaking applications, causing downtime, and losing production. Visibility of all assets in both IT and OT environments is crucial to identify and prioritize critical vulnerabilities so they can be remediated. Progressive traffic policies can then prevent the lateral spread of breaches before they become crises, regardless of whether the entry point is in the IT or OT network.

The importance of securing OT and CPS cannot be overstated. As cyber threats continue to evolve, organizations must prioritize robust security measures to protect critical infrastructure. Incremental implementation of Zero Trust principles offers a balanced approach, enhancing security without compromising productivity. By understanding and addressing the vulnerabilities in CPS, organizations can safeguard their operations against the ever-present threat of cyberattacks.

Latest in Cybersecurity
Today in Manufacturing Podcast
Sponsored
Today in Manufacturing Podcast
January 29, 2025
Cybersecurity In A Bubble
5 Questions to Identify and Mitigate Hidden Security Threats
January 30, 2025
Homeland Security Secretary Kristi Noem speaks to employees at the Department of Homeland Security, Tuesday, Jan. 28, 2025, in Washington.
Cyber Agency's Future in Elections Murky Under Trump Administration
January 30, 2025
Encryption
The Building Blocks of Data Security
January 30, 2025
Related Stories
Smishing Attack Fran Rodriguez
Cybersecurity
Threat Labs Research and Analysis Initiative Focused on Human-Targeted Attacks
Cybersecurity In A Bubble
Cybersecurity
5 Questions to Identify and Mitigate Hidden Security Threats
Homeland Security Secretary Kristi Noem speaks to employees at the Department of Homeland Security, Tuesday, Jan. 28, 2025, in Washington.
Cybersecurity
Cyber Agency's Future in Elections Murky Under Trump Administration
Security Breach Podcast
Sponsor Content
Security Breach Podcast
More in Cybersecurity
Security Breach Podcast
Sponsored
Security Breach Podcast
A new video series from Manufacturing.net - Security Breach, looks to offer the insight and tools needed to ready your company's defenses. Stay up-to-date on today's vital cybersecurity topics by subscribing here.
January 29, 2025
Cybersecurity In A Bubble
Cybersecurity
5 Questions to Identify and Mitigate Hidden Security Threats
'Cybersecurity threats don't discriminate by company size, industry, or geographic footprint.'
January 30, 2025
Homeland Security Secretary Kristi Noem speaks to employees at the Department of Homeland Security, Tuesday, Jan. 28, 2025, in Washington.
Cybersecurity
Cyber Agency's Future in Elections Murky Under Trump Administration
The new homeland security secretary, Kristi Noem, said that CISA had strayed 'far off mission.'
January 30, 2025
Encryption
Cybersecurity
The Building Blocks of Data Security
Ways to build a strong cybersecurity foundation in addressing evolving threats.
January 30, 2025
Ep128
Cybersecurity
Security Breach: The Legacy of AI in Cybersecurity
AI offers solutions to enduring problems, but keeping pace with hackers will be key.
January 30, 2025
Us Binary Flag Mirsad Sarajlic
Cybersecurity
Industry Responses to Biden's Outgoing Cybersecurity EO
The realities surrounding China and other threats to critical networks were laid plain.
January 23, 2025
Industrial Cyber
Cybersecurity
Platform Offers Secure OT Access Management
Xona targets secure access by preventing insecure user endpoints from connecting to critical assets.
January 23, 2025
Ransomware
Cybersecurity
Report Highlights Critical Need for Cyber Insurance
A rise in cyber insurance claims includes a surge in the average cost of a data breach.
January 23, 2025
Utility Metamorworks
Cybersecurity
The Realities of Critical Infrastructure Security
Most could already be compromised from software updates or back doors that have not been opened, yet.
January 16, 2025
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
2024 in Review: Cyber Threats and the Fight to Secure Critical Infrastructure
The threat actors and their strategies continue to evolve.
January 16, 2025
Intllectual Property
Cybersecurity
Encryption Becoming Essential for U.S. Manufacturers
Research found that manufacturers are aware of threats and have turned to encryption to fortify data.
January 16, 2025
American flags are displayed with Chinese flags on top of a trishaw on Sept. 16, 2018, in Beijing.
Cybersecurity
Biden Executive Order Aims to Shore Up U.S. Cyber Defenses
The order makes it easier to go after foreign adversaries or hacking groups.
January 16, 2025
Hacking Alarm
Cybersecurity
VPNs and Critical Infrastructure Risks
Cybercriminals are increasingly exploiting VPN vulnerabilities.
January 15, 2025
Cybersecurity In A Bubble
Cybersecurity
Ghosts of Systems Past: Future-Proofing Industrial Control Systems
Security strategies that see, protect and manage critical assets across the attack surface.
January 15, 2025
Ep127
Cybersecurity
Security Breach: Breaking Down the Latest ICS Hack
The continued evolution of the CyberAv3ngers hacking group and its IIoT-focused malware.
January 15, 2025