Thankfully, I wasn’t traveling on July 18. My next flight was still a week away, but I’d been in similar situations such as the one that transpired in airports across the globe following by the Microsoft outage caused by, ironically, a CrowdStrike security software update. This event came on the heels of an AT&T network hacking incident (I am a customer), but again I dodged a bullet. But, it was quite a week for cybersecurity watchers.
Unfortunately, we’ve all become immune to threats, disruptions and even successful cyber-attacks. What can we do? We need our networks so we get angry and move on.
Industrial network operators don’t have the luxury of shrugging their shoulders. Disruptions to OT networks don’t just strand airline passengers, they can cause plane crashes, chemical releases, pipeline rupture or other catastrophic incidents. There have been more than 17 million control system cyber incidents that have occurred both maliciously and accidentally globally and across all sectors, according to Joe Weiss, managing partner of Applied Control Solutions and author of the Unfettered Blog. He adds that few of these incidents were identified as cyber-related. “If it’s not happening in the network, the feeling seems to be, then it’s not a hack, and if it’s not a hack, it’s not a cyber incident,” he writes.
The question for industrial process operators is whether they can recognize a cyber-attack in time to do something to stop it. Cybersecurity experts continually point out that identifying control system incidents as being cyber-related is a complicated endeavor, and the training to recognize control system incidents as being cyber-related is missing.
Cyber-threats aren’t going anywhere. In fact, they only get worse. Critical infrastructure such as pipelines and refineries are prime targets, particularly as the processing industry further digitally transformed and increasingly embraces artificial intelligence (AI). Ironically, these two trends while increasing risks also offer solutions, but they aren't fool proof.
Sometimes, it's still a good idea to rely on human ingenuity, but to do so, in this case, we must make sure we have the right training for our people to effectively fend off digitally caused disasters.
