Hijacked, rampaging infrastructure will kill humans by 2025 – Gartner
Ransomware efforts will inevitably lead to threats to life as attacks on OT go OTT
Rise of The Machines: Rampaging cyber hoods will be using compromised machinery and systems to kill humans by 2025, according to cheerfully optimistic new predictions from research company Gartner.
The warning around what Gartner calls "operational technology (OT) environments" – which it described as "hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events", so basically industry and infrastructure with moving parts – comes following an increase in assaults on such systems, frequently in connection to ransomware attacks or simple state-sponsored hooliganism.
While such attacks can be dangerous, any threat they currently pose is typically a secondary effect of the avarice of the perpetrators: a ransomware attacker shutting down a water company is not usually trying to cause customers of the affected company to die from dehydration, for example. They just want to inconvenience everyone enough for the company to pay up. There have been exceptions.
But Gartner then suggested that attempts to deliberately hurt humans will be the next logical step.
"[Attacks have] evolved from immediate process disruption such as shutting down a plant, to compromising the integrity of industrial environments with intent to create physical harm," the company sternly lectures, citing an example from February this year in which a criminal tried to poison a Florida town by remotely accessing a PC controlling a water plant.
According to the report, bad actors attempt to upset infrastructure and industrial facilities for one of three reasons: “actual harm, commercial vandalism (reduced output) and reputational vandalism (making a manufacturer untrusted or unreliable).”
All of these outcomes can be used to extort money, and the suggestion is that the worse the possible result, the quicker the organisation will pay up to prevent the threat of it. QED.
In case the consequences of this sort of cyber intimidation were not clear enough for those holding the purse strings, Gartner went on to suggest that by 2023, the financial cost of physical harm caused by cyber-intrusions of OT environments will be over $50bn. And if that is not enough to nudge bosses out of any remaining complacency, it also speculates that by 2024, 75 per cent of CEOs will be personally liable for the outcomes of such incidents.
To be honest, we at The Register feel this last stat is a bit optimistic, given that recent corporate history has proven that CEOs can rarely be held responsible for anything. But, y'know, we guess it's worth a shot.
The solution Gartner put forward to prevent this dystopian meatsack-mangling future is, strangely enough, aligned quite closely with the services that it can itself provide.
“Gartner recommends that organizations adopt a framework of 10 security controls to improve security posture across their facilities and prevent incidents in the digital world from having an adverse effect in the physical world,” it helpfully stated, also supplying a detailed list and handy diagram illustrating the 10 controls that it conveniently must have had just lying around.
Sadly, the bulletin does not carry its logical conclusions forward far enough to include artists' impression footage of infrastructure components breaking out of their industrial bondage and going on a homicidal rampage, as in Rise of the Robots [above]. Which is Gartner very much saying the quiet bit loud and the loud bit quiet, in our opinion. ®