A report published today considers potential real-world scenarios whereby a range of cyber attacks may cause physical damage to industrial organisations.
The report, produced by Lloyd’s, CyberCube and Guy Carpenter, looks at how physical risks have become a rapidly growing concern for industrial businesses as shown by recent high-profile breaches.
Increasingly connected ICS have long been a creeping risk for companies in the manufacturing, shipping, energy and transportation sectors, as they build more bridges between physical assets and the internet, and as cyber threats become more sophisticated. While cyber risks have previously been considered unlikely to materially impact the physical market, growing connectivity is changing the risk profile of these assets.
The Emerging Cyber Threat to Industrial Control Systems report details three scenarios which represent the most plausible routes by which a cyber attack against industrial control systems could generate major insured losses, significant property damage and even loss of human life.
Designed to aid individual syndicates’ understanding of the impact of emerging cyber risks on their portfolios, the report focuses on three potential routes of attack by organised hackers:
1. A targeted supply-chain malware attack, in which malicious actors breach a device manufacturer and compromise that manufacturer’s products before distribution;
2. A targeted attack, in which attackers exploit a vulnerability in widely used IoT devices found in industrial settings;
3. The infiltration of industrial IT networks to cross the OT ‘air-gap’.
In one scenario, once attackers gained access to a target firm’s IT system, they exploit ICS to inflict physical damage on the plant. This could, for example, involve gaining control of water pumps or temperature regulation systems.
Pascal Millaire, CyberCube’s CEO, said the risks are potentially far-reaching. "Working alongside Lloyd’s and Guy Carpenter to design these scenarios was an important development for the insurance market in this increasingly important new risk,” he explained.
"The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the future and could eventually become a systemic risk for the global economy."
Printed Copy:
Would you also like to receive CIR Magazine in print?
Data Use:
We will also send you our free daily email newsletters and other relevant communications, which you can opt out of at any time. Thank you.
YOU MIGHT ALSO LIKE