What magnitude of cyberattacks can we expect to see on critical infrastructure in 2023? To gain an understanding, Digital Journal heard from Edward Liebig, Global Director of Cyber Ecosystem at Hexagon Asset Lifecycle Intelligence. Liebig set out to provide his predictions for 2023.
The ICS/OT Skills Gap Will Widen Due to Unprecedented Demand
According to Liebig: “Research has shown that the vast majority of electricity, oil and gas, and manufacturing firms have experienced cyberattacks over the past year and a half or so. Research has also shown that the cybersecurity workforce gap is growing due to high demand for skilled professionals. In addition to the intense threats against critical infrastructure systems that have been prevalent for years, the Biden Administration’s new 100-day sprints across sectors and more regulations are released, more specialized professionals are needed to keep up. Additionally, many organizations currently lack staff with the ability to successfully integrate security practices and rigor across IT and OT departments, which is gaining significance and importance with the rise of Industry 4.0 in 2023.”
Industry 4.0 Will Drive the Renewed IT/OT Convergence Conversation
On this business reconfiguration, Liebig explains: “Collaboration of IT and OT departments will continue to be the best solution for remediating vulnerabilities, tracking present and future threats, and responding to any incidents efficiently. However, the conversation will continue to be heated and overshadow the benefits of merging the security oversight and accountability of these two historically separated departments. IT-OT convergence is not a new idea. It has been around for decades and the most successful companies have reaped the benefits.”
Further to corporate changes, Liebig opines: “The difference now is with the rise of Industry 4.0 and the interconnectedness of systems we’re seeing, collaboration between these two departments is no longer an option but a necessity. I anticipate we’ll see many major companies jumping aboard the converged security ship and observing the benefits from increased efficiencies and visibility to decreased costs and downtime.”
Attacks on ICS/OT Will Result in Human Costs
In terms of the impact of these types of changes, Liebig sets out: “We all know that attacks on critical infrastructure have real-world implications. Whether it’s contaminated water supplies or minimal access to fuel, we’ve seen the costs these cyberattacks have firsthand. While hackers’ activities will likely still be money-driven, we can expect to see human cost become more of a play in the following year. Asset visibility continues to be an issue for operators, which means securing, segmenting and hardening defenses becomes a guessing game of what’s important and what’s not. If IT and OT security convergence continues to be stunted and, thus, visibility remains poor, attacks that have been close calls in the past (such as the poisoning of the water supply from a Florida plant in 2021) will eventually have human costs.”
We’ll See a Catastrophic Attack on the Energy Grid in 2023
For the U.S., Liebig is particularly worried about the impact on utilities. He predicts: “The skills gap, recession and tensions abroad are forming a perfect storm for a major attack on the power grid in 2023. Energy experts sounded the alarm in June of 2022 that the electric grid in the U.S. wouldn’t be able to withstand the impacts of climate change, and as Ukraine stands its ground in its conflict with Russia, we’re likely to not only see more attacks on Ukrainian energy infrastructure, but the U.S.’s infrastructure as well.”
As part of the trend, Liebig finds: “At the beginning of 2022, Homeland Security warned that domestic extremists had been developing plans to attack the U.S. electric power infrastructure for years. The combination of aforementioned factors makes the U.S.’s power grid more vulnerable to cyberattacks than it has been in a long time.”
