ICS 2022

In the last 2 years, over 100 industrial operations have shut down or suffered physical damage from cyber attacks - pipelines obviously, manufacturing plants, rail systems, steel mills and others. In this presentation we review the attacks & outages, identify patterns in attacks and patterns in defensive system failures, and we draw conclusions about the changing threat environment. One important conclusion is that ransomware criminals are trailing nation-state attack tools and techniques by less than 5 years. What we see nation states doing to each other today, we should expect to see ransomware groups doing to everyone with money in just a couple more years. We conclude with a look at the new DOE Cyber-Informed Engineering strategy which highlights engineering as a neglected asset in addressing these risks, and dig into how safety, automation and network engineering should play a role in preventing unacceptable physical outcomes of cyber attacks.