Data cybersecurity is a known threat to both IT and critical infrastructure applications. However, the major threats to critical infrastructures are kinetic cyberattacks that can cause extensive long-term equipment damage. Kinetic cyberattacks have yet to be explicitly addressed in any sectors’ cybersecurity guidance including electric, oil/gas, maritime, food and agriculture, etc. Network security organizations do not have the technical capabilities to address kinetic cyberattacks which are engineering-based and don’t compromise the integrity of the data packets, just the data in the packets. Without engineering participation, kinetic cyberattacks cannot be detected or mitigated. The July 25th Stuxnet hearing clearly demonstrated that appropriate workforce development for control system cybersecurity is needed. The August 13th CISA OT Asset Inventory guidance document doesn’t address the issues exploited by Aurora, Stuxnet, and the Chinese. That is, you may have an inventory of the OT devices, but you don’t know if the OT devices have been compromised. Moreover, consider how much more widespread and extensive damage could be done by incorporating Artificial Intelligence (AI) into kinetic cyberattacks.
Thu, Aug 21
Kinetic cyberattacks damage equipment: What network security misses puts us at risk
1