Governance & Risk Management , Operational Technology (OT) , Video

Cyber Psychological Warfare: Hacking Operational Technology

Even the Threat of Disruption Plays Into Attackers' Hands, Says Ian Thornton-Trump
Ian Thornton-Trump, CISO, Cyjax, and executive member of the CyberEdBoard

Defenders of operational technology environments should look beyond the technical controls and incident response plans they've put in place. They also need to consider how attackers might undermine confidence in the service itself.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

So said Ian Thornton-Trump, CISO of Cyjax. He said that attackers don't have to knock out power for days or weeks or crash a water purification plant to cause psychological damage. Sometimes, even the mere suggestion that they're targeting critical infrastructure systems or sectors, whether or not their attacks are effective, can have a negative psychological effect, and might even be what they're aiming for (see: KillNet DDoS Attacks Further Moscow's Psychological Agenda).

Where psychological warfare is concerned, adversaries often "attack the leadership by attacking the things that the leader is perceived as being responsible for: the economy, all the way down to operational technology," Thornton-Trump said.

"From the operational technology perspective, lights, water, transportation networks, healthcare, all of these things are sacrosanct to our way of life," he said. "Any sort of disruption that takes place is always going to make headlines. It's always going to undermine the leadership."

In this video interview with Information Security Media Group, Thornton-Trump discussed:

  • How Western governments are turning psychological operations back on Russian groups, albeit with a more ethical playbook;
  • Why any attack on national critical infrastructure should be treated as a nation-state attack;
  • The technical and psychological factors attackers seek to exploit when they target OT networks.

At Cyjax, Thornton-Trump performs real-time analysis of immediate threats and keeps abreast of developing security threats. Previously, he was CTO at Octopi Managed Services. His previous experience includes serving with the Military Intelligence Branch of the Canadian Forces, later joining the CF Military Police Reserves and retiring as a public affairs officer in 2013. After a year with the RCMP as a criminal intelligence analyst, he began working as a cybersecurity analyst/consultant for multinational insurance, banking and regional healthcare firms. Thornton-Trump also teaches cybersecurity and IT business courses for CompTIA as part of its global faculty. He is a member of the CyberEdBoard.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.