The CrowdStrike Vulnerability and the Threat of Cascading Failures

The Cascading Impact of Cyberattacks: Lessons from History and the Modern Digital Landscape

During World War II, the U.S. Army Air Forces strategically targeted ball bearing factories in Schweinfurt, Germany, believing that disrupting these manufacturing operations would significantly hinder the Nazi war machine. This historical precedent illustrates a critical principle: attacking a single point in a complex system can have far-reaching consequences. Today, this principle resonates in the realm of cybersecurity, where a breach in one sector can ripple through the entire economy, affecting various industries and services.

The Modern Cybersecurity Landscape: A Web of Interdependence

The interconnectedness of our digital infrastructure has never been more pronounced. Recent cyber incidents, such as the Colonial Pipeline attack, exemplify this reality. The attack not only disrupted fuel supplies but also had cascading effects on industries far removed from the pipeline itself, including aviation. American Airlines, for instance, had to adjust its operations at Charlotte Douglas Airport due to the fuel shortages caused by the cyberattack. Similarly, the NotPetya malware, initially aimed at Ukraine, spread globally, disrupting supply chains and affecting businesses worldwide.

At the S4 Conference in 2023, cybersecurity expert Josh Corman highlighted the potential for cascading failures across critical infrastructure sectors. He emphasized that the healthcare sector, for instance, relies on various other sectors—such as water, energy, and transportation—to deliver essential services like patient care. This interconnectedness means that a cyber incident targeting one sector can have profound implications for others, raising questions about the resilience of our critical infrastructure.

Historical Context: The SQL Slammer Incident

The threat posed by cyberattacks is not a new phenomenon. The SQL Slammer worm, which emerged over two decades ago, infected approximately one in every 1,000 computers worldwide. Unlike the recent CrowdStrike incident, which involved a bug in a widely used cybersecurity tool, SQL Slammer was an intentional exploit that took advantage of a vulnerability for which a patch had been available for over six months. This incident serves as a reminder that software vulnerabilities can have real-world consequences, regardless of the intentions behind their exploitation.

As digital technology continues to permeate every aspect of our lives—from automobiles to medical devices—the risks associated with insecure code and misconfigurations become increasingly significant. Research from Claroty’s Team82 underscores that these vulnerabilities can lead to severe implications for national security, economic stability, and public safety.

The Shift to Cyber-Physical Systems: A New Red Line

Today, every water treatment facility, electric utility, manufacturing plant, and even military base relies on digital equipment to function effectively. These interconnected systems, known as cyber-physical systems (CPS), can monitor and influence physical processes. While the benefits of CPS are substantial, they also represent a soft underbelly of digital risk. Cybercriminals and nation-states have begun to exploit these vulnerabilities, leading to incidents that can disrupt essential services.

The Stuxnet malware attack in 2010 marked a significant turning point in the realm of CPS, targeting Iran’s nuclear program by causing centrifuges to malfunction while appearing to operate normally. Subsequent attacks, such as Industroyer in 2016 and various attempts against critical infrastructure in Israel and the U.S., highlight the growing trend of cyberattacks targeting CPS. These incidents reveal how adversaries can exploit vulnerabilities to assess the resilience of critical infrastructure and the responses of both public and private sectors.

The CrowdStrike Incident: A Call for Reflection

The recent CrowdStrike bug incident, while not a malicious attack, serves as a critical moment for reflection. It was a mistake rooted in gaps within a quality assurance process, yet it underscores the increasing reliance on digital systems. The physical consequences of failures in cyber-physical systems can be severe, impacting everything from oil pipelines to hospital operations.

Despite the infrequency of attacks against CPS, many systems that manage or control these infrastructures still run on outdated operating systems, such as legacy versions of Windows that are no longer supported. The long obsolescence periods of industrial equipment and the culture of change aversion in operational technology exacerbate the risks. The question remains: what if a nation-state were to target CPS in a more coordinated and destructive manner than the CrowdStrike incident?

Proactive Measures: What Can Be Done?

Given the high cyber risk associated with CPS, it is crucial to take proactive measures to mitigate potential threats. Here are three key actions that organizations and governments should consider:

  1. Operationalize Compensating Controls: Organizations should develop a comprehensive asset inventory and understand known good communication patterns. This knowledge can facilitate the implementation of compensating controls, such as network segmentation and secure access, to limit vulnerabilities.

  2. Expand Secure-by-Design Practices: The Cybersecurity and Infrastructure Security Agency (CISA) has emphasized the importance of "Secure by Design" principles. This approach should be extended to CPS, particularly in collaboration with medical device manufacturers and automation vendors to ensure that security is integrated from the ground up.

  3. Adopt Secure-by-Demand Programs: CISA’s "Secure by Demand" initiative encourages asset owners to ask critical questions of their software vendors throughout the procurement process. This approach aims to drive market forces toward the production of more secure software solutions.
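The first action above, turning an asset inventory and known-good communication patterns into a compensating control, can be made concrete as a baseline check over observed network flows. The following is an added illustration, not code from the article or from Claroty; the zones, allowed patterns and flow records are constructed sample data.

```python
"""Flag OT network flows that deviate from a known-good communication baseline."""
from ipaddress import ip_address, ip_network

# Constructed asset inventory: each zone is a network segment (hypothetical addressing).
ZONES = {
    "enterprise_it": ip_network("10.0.0.0/24"),
    "dmz_historian": ip_network("10.0.10.0/24"),
    "control_plc": ip_network("192.168.100.0/24"),
}

# Known-good communication patterns derived from the inventory:
# (source zone, destination zone, destination port, protocol).
# Anything not listed here is a candidate for a segmentation rule or an alert.
KNOWN_GOOD = {
    ("dmz_historian", "control_plc", 502, "tcp"),    # historian polls PLCs over Modbus/TCP
    ("dmz_historian", "enterprise_it", 443, "tcp"),  # historian publishes to IT over HTTPS
    ("control_plc", "control_plc", 502, "tcp"),      # PLC-to-PLC Modbus/TCP
}


def zone_of(ip: str) -> str:
    """Map an address to its inventory zone, or 'unknown' if it is not inventoried."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def classify_flow(src: str, dst: str, dport: int, proto: str) -> str:
    """Return 'allowed', 'unknown_asset' (not in inventory) or 'violation'."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if "unknown" in (src_zone, dst_zone):
        return "unknown_asset"
    return "allowed" if (src_zone, dst_zone, dport, proto) in KNOWN_GOOD else "violation"


def audit(flows):
    """Group (src, dst, dport, proto) flow records by verdict for review."""
    report = {"allowed": [], "violation": [], "unknown_asset": []}
    for flow in flows:
        report[classify_flow(*flow)].append(flow)
    return report


# Constructed flow records standing in for exported NetFlow/span-port data.
SAMPLE_FLOWS = [
    ("10.0.10.20", "192.168.100.5", 502, "tcp"),   # routine historian poll
    ("10.0.10.20", "10.0.0.15", 443, "tcp"),       # historian reporting to IT
    ("10.0.0.15", "192.168.100.5", 502, "tcp"),    # IT host talking Modbus directly to a PLC
    ("10.0.0.15", "192.168.100.5", 3389, "tcp"),   # RDP from IT straight into the control segment
    ("172.16.5.9", "192.168.100.7", 502, "tcp"),   # source address missing from the inventory
]

if __name__ == "__main__":
    for verdict, flows in audit(SAMPLE_FLOWS).items():
        print(verdict, flows)
```

Each "violation" is a flow the baseline says should not exist and therefore a concrete candidate for a segmentation rule; each "unknown_asset" is a gap in the inventory itself.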

Conclusion: Understanding the Broader Implications

The adoption of cyber-physical systems has undoubtedly driven innovation and efficiency across various sectors. However, the inherent risks associated with these systems necessitate a comprehensive understanding of their role in the global supply chain. The CrowdStrike incident, while not malicious in nature, serves as a stark reminder of the fragility of our interconnected systems. Disruption can have far-reaching consequences for economic and national security, and it is imperative that we recognize the critical role CPS play in maintaining the smooth functioning of society.

As we navigate this complex digital landscape, it is essential for businesses and governments alike to take proactive steps to enhance resilience and security. By learning from past incidents and implementing robust cybersecurity measures, we can better prepare for the challenges that lie ahead in an increasingly interconnected world.


Grant Geyer is the Chief Strategy Officer at industrial cybersecurity firm Claroty Ltd. With a background in military intelligence and executive roles at prominent cybersecurity companies, he brings a wealth of experience to the discussion of cybersecurity and critical infrastructure resilience.