The Ransomware Threat to ICS Security

Industrial control systems (referred to as ICS) have faced an ever-growing volume of threats over the past few years.

From 2015 to 2016, IBM Managed Security Services reported a 110 percent increase in ICS cybersecurity attacks. The US accounted for most of these incidents, given it has the most Internet-connected ICS networks on the planet, but the effects were still geographically widespread.

In December of 2015, a Ukrainian power company suffered an outage caused by a malware attack known as BlackEnergy; in 2016, the United States Department of Justice charged seven Iranians with coordinating cyberattacks against a dam in Rye, New York; that same year, an unnamed European energy company was attacked by a sophisticated strain of malware called SFG; in 2017, FireEye responded to a malware attack against an unnamed critical infrastructure organization; and the list goes on.

At the same time, the prevalence of ransomware attacks has dramatically increased.

From February 2015 to mid-2016, the ransomware TeslaCrypt struck online gamers worldwide; from early 2016 to mid-2017, the Petya ransomware heavily hit Ukraine (in addition to numerous other countries); in May of 2017, the ransomware WannaCry infected hundreds of thousands of devices around the globe, notably hospital systems across Europe; and again, the list goes on.

One strain of ransomware dies, and another one (often just a slightly adapted copy) takes its place. Over the next few years, we’re going to see a growing intersection between these two trends – specifically, ransomware attacks against industrial control systems.

As the SANS Institute and numerous other researchers have articulated, industrial control systems are quite challenging to secure. This is especially true as governments depend increasingly on private-sector infrastructure for public- and national security-related activities, which amplifies the damage that can be caused by a ransomware attack. (Imagine such an incident (Read more…)

This is a Security Bloggers Network syndicated blog post authored by Tripwire Guest Authors. Read the original post at: The State of Security