IT is important, but OT is critical. For mechanical and other engineers, this urgent situation offers an unprecedented—and especially critical—opportunity to reexamine, reimagine, and reengineer cybersecurity solutions for the machines and infrastructure that run the world.
Speaking at the sixth annual Boston Conference on Cyber Security at Boston College in June 2022, FBI Director Christopher Wray revealed that the agency had thwarted a planned cyberattack on Boston Children’s Hospital the previous summer. As the Boston Globe reported, the FBI, working with the U.S. Cybersecurity and Infrastructure Security Agency, the Australian Cyber Security Centre, and the U.K.’s National Cyber Security Centre, discovered that “hackers associated with the Iranian government” had accessed the hospital’s environmental control network in an effort either to breach its data networks through its third-party HVAC system or to commandeer the facility’s temperature control system.
Detected early enough to prevent any damage to the network or the hospital’s data, the attack could have been an extortion attempt using ransomware. Whatever the intent, this malicious act underscored the vulnerability of both operational technology (OT) and industrial control systems (ICS)—in this case the monitors and controls of the hospital’s HVAC system—to hijacking by cybercriminals and rogue nation-states.
In this white paper, key points include:
- The attack surface extends to environments that include manufacturing facilities, supply chains, and most alarmingly, critical infrastructure sectors.
- The control systems and devices that monitor and regulate everything from the HMIs and controllers embedded in vital large-scale machinery demand the most vigilant and uncompromised safeguards. Yet this equipment is glaringly insecure.
- For mechanical and other engineers, this urgent situation offers an unprecedented—and especially critical—opportunity to reexamine, reimagine, and reengineer cybersecurity solutions for the machines and infrastructure that run the world.
- Unlike the widely publicized cyberattacks on computer networks, information systems, and personal devices, the true scale of OT and ICS cyberattacks goes largely underreported.
- In a study surveying more than 700 IT and IT security decision-makers, nearly all (90%) of the respondents had experienced at least one damaging OT or IT infrastructure security event over the preceding two years, and 62% said they had experienced two or more attacks.
- Defense in Depth (DiD) employs a multi-layered approach with multiple redundancies to guard entire systems from different attack vectors.
Your download is sponsored by ASME.