In the past 24 months, major retailers, banks, entertainment firms and healthcare providers have experienced severe data breaches. Hacking is big business. A report by RAND Corporation and Juniper Networks in 2014 described security attacks this way: “cybercrime is prevalent and increasingly and inextricably tied to a growing and maturing underground economy." Sounds more like something out of Harvard Business Review describing the emergence of a new industry, like social networking 10 years ago, not cybercrime.
What isn’t frequently reported or studied is the impact of cyber attacks on critical infrastructure. In information hacking, most often the crooks are looking to make a quick buck. When it comes to critical infrastructure, the goals of hackers are different, and the risk for oil and gas, utilities, transportation and even healthcare have much higher and dire consequences on human life, assets and the environment than a data breach.
Truth is, attacks on operational technology (OT) such as ICS and SCADA systems are real and growing. In fact, a news story by Market Business News reports that "ICS-CERT responded to 295 reported incidents in the US involving critical infrastructure in fiscal 2015, up 20 percent from the previous fiscal year." Critical manufacturing, Energy, and Water and Wastewater were the top three industries respectively with reported incidents.