EXECUTIVE SUMMARY:

As IT systems, IoT and operational technology converge, attacks on cyber-physical systems (CPS) in industrial, healthcare and other contexts will unfold with dire consequences, predicts Gartner.

Cyber-physical systems, defined as “systems that are engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans),” are coming together in new ways. As a result, physical systems that were previously siloed are now accessible through a single system entry-point. Organizations may be unaware of the fact that their operational technology systems are connected to their networks, or they may not be following proper security precautions.

At the moment, these convergences primarily exist in critical infrastructure and healthcare facilities. However, with the development of 5G networks, and the shift towards tele-health, cyber security incidents on CPS systems can easily lead to physical harm.

By 2023, the financial impact of CPS-related fatalities on organizations will likely surpass $50 billion. This accounts for litigation fees, loss-of-life compensation, insurance, regulatory fines and a damaged brand image.

“Regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure CPSs, drastically increasing rules and regulations governing them,” says research vice president at Gartner, Katell Thielemann. CEOS and other top executives will not be able to hide behind teams of lawyers or insurance policies.

In July, ICS-CERT announced the existence of a critical security bug within an industrial plant’s instrument system. The instruments at risk were responsible for powering down plant operations in the event of equipment failures, fires or explosions. Without their functionality, the organization could have seen loss-of-life.

For Gartner’s recommended best practices in preventing cyber-physical systems attacks, click here.