Potential systemic risks lurking within IIoT

A report published today considers potential real-world scenarios whereby a range of cyber attacks may cause physical damage to industrial organisations.

The report, produced by Lloyd’s, CyberCube and Guy Carpenter, looks at how physical risks have become a rapidly growing concern for industrial businesses as shown by recent high-profile breaches.

Increasingly connected ICS have long been a creeping risk for companies in the manufacturing, shipping, energy and transportation sectors, as they build more bridges between physical assets and the internet, and as cyber threats become more sophisticated. While cyber risks have previously been considered unlikely to materially impact the physical market, growing connectivity is changing the risk profile of these assets.

The Emerging Cyber Threat to Industrial Control Systems report details three scenarios which represent the most plausible routes by which a cyber attack against industrial control systems could generate major insured losses, significant property damage and even loss of human life.

Designed to aid individual syndicates’ understanding of the impact of emerging cyber risks on their portfolios, the report focuses on three potential routes of attack by organised hackers:

1. A targeted supply-chain malware attack, in which malicious actors breach a device manufacturer and compromise that manufacturer’s products before distribution;

2. A targeted attack, in which attackers exploit a vulnerability in widely used IoT devices found in industrial settings;

3. The infiltration of industrial IT networks to cross the OT ‘air-gap’.

In one scenario, once attackers gained access to a target firm’s IT system, they exploit ICS to inflict physical damage on the plant. This could, for example, involve gaining control of water pumps or temperature regulation systems.

Pascal Millaire, CyberCube’s CEO, said the risks are potentially far-reaching. "Working alongside Lloyd’s and Guy Carpenter to design these scenarios was an important development for the insurance market in this increasingly important new risk,” he explained.

"The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the future and could eventually become a systemic risk for the global economy."

    Share Story:

YOU MIGHT ALSO LIKE


COMMUNICATING IN A CRISIS
Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023