Predictions for the security of cyber-physical systems 2024


The major geopolitical crises of the past year, such as Russia's ongoing war against Ukraine and the Middle East conflict, have also impacted cybersecurity. A security solutions provider presents its forecasts for 2024.

In April, Canadian intelligence officials reported that Russian attackers appeared to have gained access to Canada's natural gas distribution network and were able to cause physical damage. And in August, Ukraine's State Security Service said that Russia's GRU military intelligence service was attempting to use tailored malware against Starlink satellites to collect data on Ukrainian troop movements.

But even beyond these politically motivated attacks, there were serious incidents that not only affected IT networks but also had an impact on the Extended Internet of Things (XIoT). Max Gilg, Sales Director for Critical Infrastructure at Claroty, outlines current trends and how they will develop next year:

Increasing connectivity

Increasing connectivity is not surprising, as digital transformation continues to gain momentum. More and more previously isolated assets are becoming connected, and networks are converging. There are currently between 15 and 17 billion connected IoT devices, and this number is expected to double within 24 months. By 2024, these devices will generate more than 80 billion IoT connections, with 70 percent of them located in critical infrastructure.

Prediction 1: Every network will become an XIoT network

As converged XIoT networks become the norm in all critical infrastructures, the protection of cyber-physical systems can no longer be purely network-centric, but must increasingly place assets at the center of the security approach. Particularly in the industrial sector, physically isolated systems will continue to exist for the foreseeable future due to the long depreciation cycles.

Nevertheless, the infrastructure in this sector is also becoming increasingly digital and requires corresponding new security measures. But convergence is also continuing to increase in other industries, be it in the healthcare sector through the integration of new medical devices (IoMT) or in corporate infrastructures, where areas such as building management are increasingly being integrated in the hope of increasing efficiency.

However, as every network becomes a virtual and converged XIoT network, successful implementation has three prerequisites: a deep understanding of legitimate traffic patterns, the ability to detect policy violations and abnormal behavior, and segmentation through firewalls, network access control (NAC) and micro-segmentation to secure network communication.

Vulnerability management

Traditional vulnerability management does not work in the area of cyber-physical systems (CPS). The gap between vulnerabilities discovered, patched, and exploited is widening - and the rapid development and deployment of CPS in critical sectors is exacerbating this situation. Almost 70 percent of CPS vulnerabilities disclosed last year received a CVSS score of “high” or “critical,” but less than 8 percent of them were actually exploited. The (theoretical) criticality says nothing about the real risk for the respective infrastructure. At the same time, the vast majority (78%) of healthcare security, IT and technology leaders see remediating vulnerabilities as the largest gap in their cyber defenses.

Prediction 2: New paradigms are emerging in vulnerability management

To prepare vulnerability management for today's challenges, critical infrastructure organizations in particular must complement or replace their current vulnerability management with an assessment model that predicts which vulnerabilities attackers are most likely to weaponize. In conjunction with Zero Trust, companies can ensure that their processes are not disrupted or manipulated.

Artificial intelligence

Attackers are using AI as a weapon with increasing success. Earlier this year, the NSA and its intelligence partners discovered indicators of compromise of critical U.S. infrastructure networks. Chinese attackers are believed to have used sophisticated tools to penetrate the cyber-physical systems of a key military base in Guam, which is of strategic importance in the event of a future conflict in Asia. The Guam incident joins an increasingly evident trend of state-sponsored attackers weaponizing new technologies such as AI, a trend reinforced by the increasing convergence of IT and OT networks in manufacturing, transportation and healthcare. The approach to protecting CPS needs to change accordingly.

Prediction 3: Generative AI will improve the resilience of cyber-physical systems

Only through generative AI in cybersecurity can AI-assisted attacks be successfully addressed in terms of speed, sophistication and scale. At the same time, its use is becoming increasingly practical and effective. Digital transformation shows no signs of slowing down – to the point where our critical infrastructure is completely reliant on the ever-growing Extended Internet of Things (XIoT).

The volume of XIoT data points that are continuously generated provides valuable insights for CPS operators and security managers to use. This becomes possible with generative AI. Automating key security and operational processes, providing comprehensive insight into the entire XIoT attack surface, and finding ways to pre-empt attackers are just a few of the many ways AI can be expected to improve the resilience of these critical assets and systems in the future.



About Claroty

Claroty, the Industrial Cybersecurity Company, helps its global customers discover, protect and manage their OT, IoT and IIoT assets. The company's comprehensive platform can be seamlessly integrated into customers' existing infrastructure and processes and offers a wide range of industrial cybersecurity controls for transparency, threat detection, risk and vulnerability management and secure remote access - with significantly reduced total cost of ownership.

