
Defending against killware: The cyber threat with physical consequences

By Dennis Lanahan
January 28, 2022

Even though data breaches, ransomware attacks and other cyber threats have become part of daily life, many organizations still get caught by surprise. Some, perhaps believing it won’t happen to them, still refuse to put money in the budget for cybersecurity. Others put their trust in outdated technology or rely on cybersecurity insurance policies to bail them out after a breach.

No matter what missteps leave a company vulnerable, the results are predictable: a struggle to pick up the pieces after an attack, with financial and operational costs that can linger for years. And hopefully, the organization learns its lesson and implements effective cybersecurity going forward.

But when the impacts of an attack become life and death, there are no second chances. 

“Killware” attacks — cyberattacks that aim to cause direct physical damage and bodily harm — are a serious concern for critical infrastructure operators such as oil and gas pipelines, water systems, power generators and medical facilities. Protecting against these threats requires a different mindset, one that focuses on preventing the attack in the first place, rather than mitigating the damage afterward.

What is killware?

A killware attack is fundamentally different from other types of cyberattack. Rather than attempting to steal information, disrupt computer networks, or encrypt data for ransom, killware attacks attempt to cause real-world damage by manipulating operational technology (OT) — the valves, pumps, turbines and other equipment that keeps our world running. 

The 2021 attack against the Oldsmar, Florida, water system is an example of this kind of attack, though fortunately no one was harmed in that case. The Oldsmar attacker gained access to the water treatment plant’s control systems and increased the amount of sodium hydroxide being added to the water by a factor of 100 — an amount that would have been hazardous if the attack had not been detected in time.

In the past, attacks against industrial control systems required physical access to a facility because few OT devices were connected to external networks. But with the rise of smart, cloud-enabled OT devices, the landscape has changed. Threat actors have millions of new devices to target and new pathways to reach them. 

We can’t simply hope that someone will detect the next killware attack before the damage is done. OT devices need cybersecurity that is strong enough to prevent threat actors from gaining access in the first place.  

Industry standards provide valuable guidance

There are several standards that provide direction on how to protect critical infrastructure. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) regularly updates its guidance on protecting critical systems, including its publication Seven Steps to Effectively Defend Industrial Control Systems. The North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protections for balancing physical security and cybersecurity have been used extensively within the electrical industry and can be used as a cybersecurity framework in other sectors like transportation and pipeline security.

There is a huge body of evidence on how these controls are implemented and the mitigations they provide, and other industries would benefit from considering it. Two concepts are particularly important: limiting external routable communication and limiting interactive remote access.

Hardware-enforced security makes killware ineffectual

Along with these well-established best practices, technology plays a major role in stopping killware attacks.

Software firewalls are open by nature: they can be frequently hacked, or their rules accidentally left open, which unfortunately enables vulnerabilities and introduces new threat vectors. Monitoring and threat detection tools remain important, but many only reveal attacks after the fact.

With hardware-enforced network segmentation, often achieved through one-way-only data flow technology known as data diodes, data can securely flow out of a source network to an external destination without introducing risk. Organizations employing an air-gapped architecture can connect externally through hardware-enforced technology that prevents threats from entering back into the network. In fact, the Department of Homeland Security (DHS) recommends eliminating as many connections as possible in critical infrastructure networks and, if connections are needed, converting them to a one-way, out-only architecture. That means hardware-enforced data diodes can lock down critical infrastructure devices and networks to prevent successful killware attacks.

It takes an ecosystem

Safety is the number one principle at all critical infrastructure facilities, and cybersecurity is a major component of that safety. With deadly new threats proliferating, operators simply must harden their cyber posture to protect their most important assets and data flows. Cybersecurity is a team sport: entities large and small throughout the supply chain are also vulnerable as potential conduits to the operator target. Everyone needs to understand their role and embrace prevention in earnest.

The good news is that by leveraging available standards and integrating proven hardware-enforced technologies as part of a defense-in-depth strategy, killware can be stopped.


Dennis Lanahan is the Vice President for Critical Infrastructure Markets at Owl Cyber Defense.
