Cyber-Kinetic: The War Goes Beyond the Wire

The loss of critical data, operational disruption, financial loss, most of all reputational damage – These are all considered to be common impacts of a cyberattack. While all these factors cause an enormous negative effect on the business, none of them cause any physical damage – perhaps this is the reason cyberwar is often called “war over the wire”. And only when individuals and organizations were building and rebuilding their cyber security frameworks – Scott Applegate’s words about “The Dawn of Kinetic Cyber” seems to be slowly turning into a sharp reality. Cybercriminals are no longer following the path of non-violence. Depending on the monetary gains and national interests, these criminals have switched to causing physical damage and are not afraid to fight till the death.

The Merging Worlds of Cyber-Physical and Cyber-Kinetic

As we switch to getting “smart” in almost every aspect of our lives with easy adoption of the Internet of Things (IoT) and Industrial Control Systems (ICS), we end up building cyber-physical systems (CPSes) around us. In 2006, Dr. Helen Gill of the National Science Foundation defined these systems as “physical, biological, and engineered systems whose operations are integrated, monitored, and/or controlled by a computational core. Components are networked at every scale. Computing is deeply embedded into every physical component, possibly even into materials. The computational core is an embedded system, usually demands a real-time response, and is most often distributed.”

So, if you think about it, from our water management systems and power grids to automated insulin pumps and defibrillators – most of us are surrounded by CPSes on a regular basis. While there is hardly any doubt that these CPSes have enhanced and improved the way we lead our lives, we cannot deny the inherent exposure to the disquieting possibilities of a tangible cyber threat.

Even though the timeline of cyber-kinetic attacks can be traced beyond the Stuxnet attack on the Iranian nuclear facility (2009-10), the 2021 incident wherein a hacker tried to pump a dangerous amount of chemicals into the water system of Florida – highlights the implications of such attacks.

Time to Redesign Our Security Paradigm?

As highlighted in our Cyber Security Predictions for 2022, kinetic-cyber results in:

1. Forcing the victims to be more open to negotiations when faced with the prospect of potential human casualties, and
2. Enhancing the credibility of cybercriminals amongst peers and finetuning their ability to bring in big financial gains, cause the maximum reputational damage, recruit affiliates, etc.

Our cyber threat intelligence team observes that verticals like critical infrastructure, healthcare, and research, would be targeted predominantly because of the ongoing COVID-19 pandemic, and the availability of vulnerable assets, including unpatched, outdated, or forgotten assets still in use.

Therefore, it is time organizations move beyond the traditional security paradigm and adopt solutions that are in sync with the emergent threat landscape. Some of the best ways in which one can future-proof against cyberattacks, especially kinetic-cyber are:

1. Securing the organization’s internet-facing properties with robust security protocols and encryption, including authentication or access credentials configuration, to ensure that critical information stored in databases/servers is always safe.
2. Implement a holistic security strategy that includes controls for attack surface reduction, effective patch management, active network monitoring, through next-generation security solutions, and ready to go incident response plan.
3. Blocking exploit-like behavior as well as monitoring endpoints memory to find behavioral patterns that are typically exploited, including unusual process handle requests. These patterns are features of most exploits, whether known or new.
4. Always listen to the research community and customer feedback when contacted about potential vulnerabilities detected in the organization’s infrastructure, or related compliance issues.
5. Lastly, conducting regular audits in the critical sector like data centers to prevent downtime to a significant level and foster a culture of cybersecurity – wherein organizations encourage and invest in employee training so that security is an integral part of your organization.