Personal experience, plus what I’m told by other clever folks, has taught me to treat with much skepticism any predictions regarding the future given by so-called experts – in fact all kinds of prognoses and prophecies about this, that and the other. Although I tend to share this view, I have to make an exception for the predictions of one single person in particular: me! Why? Because, unfortunately, those predictions normally come true…
Ten years ago, when we chose industrial cybersecurity as one of our new main areas for development of the company, attacks on industrial equipment were largely deemed hype and/or something out of Hollywood, or at least limited to relatively few specific enterprises; for example, ones like this. But since the beginning of the 2010s I’ve been repeating (ad nauseam!) that, sooner or later, attacks on industrial installations will go mainstream and become massive in scale, and that modern industrial security is sadly very lacking in its ability to cope with the realities of the digital world.
Today, attacks on industrial objects are becoming a daily – very expensive – reality. We’ve already seen how a ransomware-cyberattack on a mere office network of a large pipeline can bring about a short-term rise in the price of gasoline in the U.S.A. So imagine how much more costly attacks on industrial components of critical infrastructure operators could be. And it’s not just a matter of financial losses incurred by targeted companies caused by their compelled downtime – there’s also the hit taken by all the consumers of the companies’ products and services, which can be painful for regional economies and even national ones.
It all boils down to the fact that a modern industrial enterprise is an intricate complex of connected cyber-physical systems somehow connected to public networks. Going digital offers businesses a unique opportunity to control and optimize production processes at all stages. For hackers – alas, this represents an ability to attack devices whose security systems were developed last century (I’m not joking). Businesses not undertaking digitalization will eventually lose out to more effective, nimbler competitors; but connecting to the internet comes with serious risks for equipment, critical data and the business as a whole.
That is why I believe security to be perhaps the main deciding factor in the transformation of regular industry into Industry 4.0. And 10 years later, writing from our ninth international conference on industrial cybersecurity, I can confirm that Russia’s largest businesses and also international enterprises agree with me. But not by choice; out of necessity: according to data in our fresh report on industrial cybersecurity, in the first half of this year malicious objects were detected on 39.4% of ICS devices in Russia (that’s 7% higher than in the same period of the previous (pandemic) year). The number of malware families has also been on the rise – spurred on by the rushed (= sometimes botched) pandemic digitalization. For example, in 2019 we counted around 3300 families attacking industrial infrastructure objects; just in the first half of this year they numbered over 5100.
The good news is that the phenomenon of cyber-evil in industrial networks can and must be fought. And it is fought…
At our first ICS conference, rare experts in both the ICS sphere and information security described hypothetical risks, and (most impressively) demonstrated their practical potential. Fast-forward 10 years, and it’s real risks being talked about – by folks from the industrial enterprises themselves. What was particularly pleasant was how many of them also shared their experiences with introducing systems of industrial cybersecurity – including our latest products (I’ll tell you about them in detail in a separate post).
And that’s how industrial cybersecurity looks today: when you have 300 top-tier participants (+500 online), 47 (!) speakers, 21 partners, 16 stands, and 300+ express PCR tests (positive results: 0). Sweet.
And now – after my meetings there with representatives from large industrial companies of Russia and beyond, checking out the stands of the various developers from around the world, chatting with visitors and participants, and taking part in a round table – I look to the future of cyber immunization of enterprises with guarded optimism. Sweeter ).
Examples of presentations:
- On threats to sat-navs;
- On threats to ships;
- On threats to solar-powered power plants;
- On building integrated systems of industrial cybersecurity with large energy companies (plus explanations of state regulations in the field).
It’s like, where else would you get industry/critical infrastructure folks + regulators + vendors of industrial cybersecurity all together exchanging opinions, experience and expertise all in one place? )
The increased number of participants exhibiting their industrial security solutions was also impressive – from microchips to design systems for industrial networks. There was a VR emulation of protecting a power plant from hackers. And of course there was the Kompany that has the same name as mine showing off its industrial cybersecurity solutions based on its cyber immune KasperskyOS – from the design and evaluation of regulatory risks to a single platform for detecting and reacting to threats.
Come evening – there was a bonus: since everyone had to be vaccinated to attend the conference, that meant everyone could attend the evening show too – headlined by legendary Russian rock band Bravo. Bravo!
Thank you Sochi! And spokoyni nochi!*…