The UK has already suffered stealth cyber attacks on more than 80 manufacturing plants, with criminals deploying tactics that could put critical national infrastructure at risk. In an anonymous survey of manufacturers, almost half admitted that they have fallen prey to cyber warfare, according to trade group EEF. IT security experts commented below.
Tim Erlin, VP at Tripwire:
“It’s important to distinguish between cyberattacks on manufacturers and cyberattacks on industrial control systems. While they may be related, they’re not the same thing. Any organization with connected computer systems may fall victim to cyberattacks across a broad spectrum of technologies, but attacks on the systems that control a manufacturing plant floor are much more specific. Of course, manufacturing isn’t the only industry using industrial control systems.
We have seen a rise in attack on control systems themselves, and the impact to the business of these attacks can be very direct. At the same time, cyberattacks in general continue to plague organizations around the globe.”
David Emm, Principal Security Researcher at Kaspersky Lab:
“The world isn’t ready for cyber-attacks against critical infrastructure, but attackers are clearly ready and able to launch attacks on these facilities – as this trend towards attacks on the manufacturing sector shows.
We’ve seen attacks on power grids, oil refineries, steel plants, financial infrastructure, seaports and hospitals – cases where organisations have spotted attacks and acknowledged them. However, many more companies do neither, and the lack of reporting of these attacks hampers risk assessment and response to the threat. Security must be tailored to the specific needs of each organisation and be seen as an ongoing process. This is true also of the human dimension – tricking people into taking action that launches the initial exploit is as common in attacks on such facilities as it is in any other attack.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.