5 Trends Defining the OT and Cybersecurity Landscape
Understanding why the threat to critical infrastructure is garnering attention in the U.S. and globally.
The ever-increasing connectivity of people and devices to the Internet and each other has made cyberspace the most active threat domain in the world. The cyber landscape is threatened by many hostile actors with access to advanced tools and technologies that help them conduct large-scale fraud and endanger national security. Among all sectors, the threat to critical infrastructure is garnering the most attention in the U.S. and globally, due to the sector’s direct connection to the country’s military and economic security.
A study by Vedere Research Labs, the cybersecurity research arm of technology company Forescout Technologies, found that there were more than 420 million attacks targeting the global critical infrastructure sector between January and December 2023. These attacks can cause large-scale financial damage, with research by Lloyd’s and the University of Cambridge estimating the potential cost of a cyberattack on the U.S. power grid to be more than US$1 trillion.
In an interview with the editor from Oil & Gas IQ, Reynaldo Gonzalez, Principal Cyber Security Architect at Cummins, said, ‘The landscape is constantly evolving, and keeping up with it is a challenge itself. When transitioning from a traditional environment to an evolving landscape of Industry 4.0, new cyber threats and the sophistication of attackers’ tactics and techniques continue to increase. Currently, there's a shift towards a more proactive approach to security. Organizations across different verticals in the industry, including automotive, are placing greater emphasis on better threat detection, improved incident response, and enhanced incident responsibilities. The implementation of different security technologies allows for detecting and preventing threats, while also incorporating elements like a zero-trust architecture to increase the security posture. Cyber-attacks, particularly ransomware, continue to rise and target this space. Therefore, it is important to keep up and consider the big picture.’
Download the SPECIAL REPORT: Addressing the Systemic Vulnerabilities of North America’s Industrial Sector to Cyber Attacks
Here are 5 trends currently defining the OT and cybersecurity landscape:
#1 The growing threat from China
Even though adversaries have been pre-positioning for cyberattacks against the U.S. for a long time, the current and future threat posed by China’s pre-positioning activity is unlike any the country has ever faced. The biggest threat is Volt Typhoon, a China-sponsored hacker group that has already breached critical infrastructure systems in the U.S. on multiple occasions. In 2023, it gained access to critical infrastructure facilities in the U.S., spanning sectors such as communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education.
According to a 2023 Microsoft report and a March 2024 report by the Cybersecurity and Infrastructure Security Agency (CISA), the biggest threat Volt Typhoon poses is the potential to disrupt critical services between the U.S. and Asia in the event of a future conflict. Another Chinese group called BlackTech has been targeting government and private entities operating in the industrial, technology, media, electronics, and telecommunication sectors. According to industry experts, these intrusions are being carried out to hold the U.S. and its allies to ransom during future conflicts and to shape decision-making in such times. The dependencies and interdependencies that exist between industries are well known to those in critical infrastructure organizations. What is also particularly concerning is the ability of these hacker groups to threaten the U.S. military by potentially disrupting critical supply chains such as power and water. To build resilience, the government has directed all companies, especially infrastructure providers, to:
- Ensure information systems and smart devices are properly configured and patched, and that they can log activity
- Identify and replace any devices at the edges of their networks, such as routers and firewalls, that are no longer supported by their vendor
- Create robust user-authentication measures such as multifactor authentication, to make it more difficult for hacker groups to breach their systems and devices
#2 Rise in ransomware incidents
The FBI Internet Crime Complaint Center (IC3) recorded a 22% increase in reported ransomware incidents from American victims in 2023 compared to the previous year. Overall incidents reported to the IC3 surged by a staggering 74% in the same year. Ransomware groups are increasingly using “double” and “triple extortion” attacks, which not only encrypt victims’ data but also threaten to sell or publicly release that data if a ransom is not paid.
According to cryptocurrency-tracing firm Chainalysis’ annual crime report, ransomware payments in the U.S. totaled over US$1.1 billion in 2023, nearly double the amount in 2022. Another study by British security software and hardware company Sophos found that, in the first seven months of 2024, around 67% of global energy and utilities companies were victims of ransomware attacks - the same proportion as in 2023. Furthermore, 98% of the victims reported that the hackers attempted to compromise their backups during the attack.
#3 Emergence of Advanced Persistent Threats (APTs)
A key trend in the evolution of cyber threats is the rise of sophisticated APTs, often executed by nation-state actors. In recent years, groups like APT28 and APT29 have carried out various cyber espionage and data theft campaigns targeting critical infrastructure. According to federal authorities, APT28 - also known as Fancy Bear, STRONTIUM, Pawn Storm, the Sednit Gang and Sofacy - was created by the Russian General Staff Main Intelligence Directorate (GRU) 85th Special Service Centre (GTsSS) Military Intelligence Unit 26165. This group not only deployed malware on Cisco routers in 2021 but also carried out cyberattacks on the German parliament in 2015 and, in April 2018, attempted to disrupt an independent analysis of chemical weapons on behalf of the GRU.
APT29, also known as COZY BEAR, CozyDuke, Dark Halo, The Dukes, NOBELIUM, NobleBaron, StellarParticle, UNC2452, and YTTRIUM, was responsible for the SolarWinds Orion supply chain compromise, which impacted over 30,000 public and private organizations, including government and critical infrastructure entities.
#4 The rise of Artificial Intelligence (AI) and Machine Learning (ML)
The rise of AI and ML is a double-edged sword in the fight against cyberattacks. On one hand, these technologies help hackers generate malware rapidly, automate attacks, and create deepfakes. On the other hand, they stand at the forefront of the defense revolution against cyberattacks. AI and ML help companies and government institutions analyze patterns in network behavior to identify anomalies indicative of potential cyber threats, acting as a digital early warning system that preempts attacks before they escalate into full-blown crises.
Moreover, AI-powered tools allow organizations to predict security incidents before they even start, facilitating proactive maintenance and vulnerability patching. These tools could soon be integrated into the software development process to identify vulnerabilities in new code and recommend potential fixes. As technology evolves, there is also the potential to rewrite existing code in a memory-safe programming language.
#5 Connected devices have heightened cybersecurity risks
The Internet of Things (IoT), which refers to the intersection of the physical and digital worlds, is poised to unlock massive value by creating a fully interconnected ecosystem across industry verticals. According to a McKinsey study, the IoT suppliers’ market is expected to reach as much as US$500 billion by 2030. However, the proliferation of connected devices and the growing complexity of IoT use cases have also increased cybersecurity risks. IoT systems have higher risk profiles than enterprise IT systems due to their intricate connection to physical operations. Cybersecurity companies must develop solutions that consider the convergence of IoT and cybersecurity functionalities. According to a 2023 McKinsey report, this is particularly challenging because converged solutions need to be either vertical- or use-case-specific and should also include a cross-tech-stack layer.
A 2023 study by Check Point Research found that, in the first two months of the year, on average 54% of organizations were targeted each week, with nearly 60 attacks per organization per week targeting IoT devices. This represents a 40% increase from 2022 and a more than 300% increase from 2020.
Interested in learning more?
Join us at our upcoming OT Cybersecurity Summit, taking place in Houston on October 28-29, 2024, for more insights on navigating the current landscape and enhancing your organization’s cybersecurity posture. This year’s Summit will bring together leaders in OT, SCADA, security, risk, operations, ICS, and cybersecurity to discuss strategies for reducing system vulnerabilities and mitigating cyber threats across OT operating environments. Download the agenda for more information.