Skip to main content
close search
site logo
Dive Brief

OT cyberattacks could threaten human safety by 2025: Gartner

Published July 26, 2021
David Jones's headshot
Reporter
Sean Gallup via Getty Images

Dive Brief:

  • Threat actors are weaponizing OT environments to the point that by 2025 they will have the capability of injuring or killing humans, according to a report by Gartner. 
  • Security incidents in OT environments or other cyber-physical systems are driven by three main motivations: the desire for commercial vandalism or reduced output by these organizations; the desire for reputation vandalism; and the desire to inflict actual harm. 
  • The financial impact of such attacks on cyber-physical systems will reach $50 billion by 2023, according to Gartner research. Organizations will incur a wide variety of costs from such incidents, including insurance, regulatory fines, litigation, compensation and reputational costs. 

Dive Insight:

The threat of attacks on OT has existed for years. In 2017, a Saudi Arabian petrochemical facility was attacked by a malware called Triton, which was used to disable safety systems at the plant, according to Wam Voster, senior research director at Gartner. 

More recently the attack on the Oldsmar, Florida water treatment facility greatly enhanced awareness of the risk of targeted cyberattacks against critical infrastructure. During that incident, unknown threat actors exploited TeamViewer remote access software to raise the level of sodium hydroxide to dangerous levels in the local water system.

One concern about securing OT environments is that many facilities have systems that are more than two decades old, have not been updated and may still use outdated Windows software, according to Voster. The Oldsmar water treatment plant was using outdated Windows 7 software that was no longer getting security updates. 

"We need to make sure nobody can get to the system since there are no updates, no patches," Voster said. "That's why network segregation is so important."

The report makes three overall recommendations to reduce the safety risk to humans: 

  • Security and risk management leaders should implement a control framework that addresses potential threats to humans. 
  • Security leaders should deploy an internal OT security standard that is designed to create a common approach to security throughout the organization. 
  • Organizations should implement an architecture that clearly segregates networks for both OT and IT. 

Recommended Reading

Filed Under: Cyberattacks, Threats

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Cyberattacks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell