September 23, 2019

By Ryan Brichant, VP, CTO Critical Infrastructure and OT Security

'Disrupting' traditional business models might be hot talk for start-ups pitching investors, but in the world of manufacturing, transportation, energy and similar sectors, real 'disruption' of production and facilities due to cyberattacks can have devastating safety and financial consequences.

The old concepts of malware wreaking havoc in a system for monetary gain are still present, but a new breed of attacks that we call 'disruptionware' is wreaking havoc in networked industrial control system (ICS) and operational technology (OT) environments. These attacks are becoming increasingly consequential for the operator community because of the immediate disruption to operations and the potential safety impact to employees.

A joint report with Forescout and the Institute for Critical Infrastructure Technology (ICIT), a cybersecurity think tank in Washington, D.C., digs into this concerning trend. The report, titled 'The Rise of Disruptionware: A Study on How Disruptionware Like LockerGoga Significantly Impacts Critical Infrastructure', examines the attack patterns targeting critical industry sectors like manufacturing, including ransomware, disk-wiping malware and similarly disruptive malicious code.

Here are some of the key highlights and the immediate reasons why we feel this study is important:

Modernizing the Shop Floor but Forgetting Cybersecurity

The attack surface was narrower when you had to scale walls or cut fences to get at a manufacturer's network. But operators today are making massive investments in newer, more productive and efficient equipment that relies on connectivity to receive orders, self-diagnose issues and scale to demand. Those updated systems, which are often connected to the Internet and traditional networks, have changed the risk equation for cybersecurity because they can potentially be hacked from afar.

In the typical security world, a ransomed file or infected laptop can be quickly restored thanks to strong back-up and recovery postures. But manufacturing assembly lines or water pumps damaged by malware or the ripple effects of a cyberattack don't have that luxury. You cannot simply restore those physical goods with a cloud back-up. And, without that backup, a cyberattack can mean immediate interruption of services, regulatory issues and financial hits.

'Disruptionware' is More than Just a Nuisance

Disruptionware is about more than just preventing access to systems and data. It is about suspending operations, disrupting continuity, and crippling a business's ability to engage in operations, gather resources, and disseminate deliverables.