Cyber attackers are likely to weaponise operational technology (OT) environments by 2025 to successfully harm or kill humans, according to Gartner, Inc.
Attackers are increasingly targeting operational technology which includes hardware and software that monitors or controls equipment, assets and processes.
They have also evolved from immediate process disruption such as shutting down a plant, to compromising the integrity of industrial environments with intent to create physical harm, Gartner said.
One of the most recent notable security incidents is the Colonial Pipeline ransomware attack. Colonial Pipeline, an American oil pipeline system originating in Houston, Texas suffered a massive ransomware attack onay 7, 2021. The pipeline carries gasoline and jet fuel mainly to the Southeastern United States, accounting for nearly 45 per cent of the East Coast's fuel, as per reports. The company had to shut down all of the pipeline's operations for nearly a week to obtain the attack that had impacted computerised equipment managing the pipeline.
The attack highlighted the need to have properly segmented networks for IT and OT.
“In operational environments, security and risk management leaders should be more concerned about real world hazards to humans and the environment, rather than information theft,” said Wam Voster, senior research director at Gartner.
“Inquiries with Gartner clients reveal that organizations in asset-intensive industries like manufacturing, resources and utilities struggle to define appropriate control frameworks.," Voster further said.
According to Gartner, security incidents in OT and other cyber-physical systems (CPS) have three main motivations: actual harm, commercial vandalism (reduced output) and reputational vandalism (making a manufacturer untrusted or unreliable).
It has predicted that the financial impact of CPS attacks resulting in fatal casualties will reach over $50 billion by 2023.
"Even without taking the value of human life into account, the costs for organizations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant," it said.
Gartner has also predicted that most CEOs will be personally liable for such incidents.