The financial impact of cyber-physical system attacks resulting in fatal casualties will reach more than US$50 billion by 2023, Gartner predicted recently.
A cyber-physical system is a smart system that includes engineered interacting networks of physical and computational components, according to the International Society of Automation.
These highly interconnected and integrated systems provide new functionalities to improve quality of life and enable technological advances in critical areas, such as personalised health care, emergency response, traffic flow management, smart manufacturing, defence, and energy supply and use, the society said.
In addition, cyber attackers will have weaponized operational technology (OT) environments by 2025 to successfully harm or kill humans, said the advisory firm.
Attacks on OT — hardware and software that monitors or controls equipment, assets and processes — have become more common, according to Gartner.
Such attacks have also evolved from immediate process disruption such as shutting down a plant, to compromising the integrity of industrial environments with intent to create physical harm, Gartner said.
Other recent events like the Colonial Pipeline ransomware attack have highlighted the need to have properly segmented networks for IT and OT, the advisory firm added.
In operational environments, security and risk management leaders should be more concerned about real world hazards to humans and the environment, rather than information theft, said Wam Voster, senior research director at Gartner.
“Inquiries with Gartner clients reveal that organizations in asset-intensive industries like manufacturing, resources and utilities struggle to define appropriate control frameworks,” he noted.
According to Gartner, security incidents in OT and other cyber-physical systems have three main motivations: actual harm, commercial vandalism (reduced output) and reputational vandalism (making a manufacturer untrusted or unreliable).
Even without taking the value of human life into account, the costs for organisations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant, said Gartner, adding that most CEOs will be personally liable for such incidents.