Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementPhysicalTechnologies & SolutionsSecurity Leadership and ManagementSecurity & Business Resilience

If You Give a Hacker a Storm…

By Nick Cappi
Weather radar

Image via Unsplash

March 22, 2023

Say what you want about cybercriminals, but they are certainly opportunistic and all too willing to take advantage of misfortune. Natural disasters are no exception.

The perpetual struggle with operational technology and industrial control systems is that they were designed with one thing in mind: reliability. These systems are meant to run 24/7 with minimal downtime and, unfortunately, maximizing security often comes second to that. On the bright side, there are three problems (or opportunities) on which to focus that will significantly reduce an attack surface while still ensuring that systems are reliable and resilient: Preparation, practice and people.

Preparation

“Lightning doesn’t strike twice,” right? Wrong. This is especially true when there is a large metal target of critical infrastructure involved. Experiencing an attack is not a question of if, but when. Operators have to be prepared to respond to attacks, even in the event of a natural disaster, to get back up and running and lower the mean time to recovery (MTTR).

The preparation and planning phase, also known as the prevention phase, should involve leaders in multiple areas of the business to make sure key factors such as joint communication and collaboration, public safety and the unique aspects of each affected industry aren’t overlooked. Consider the impact to workers, the general public, customers, the environment and all other stakeholders to make a holistic plan.

An attack surface is likely to be higher just after the incident because any restoration activities are going to leverage new or used equipment. While that equipment may match the business’s hardening standards, often it does not. Backup and recovery strategies are a must when trying to ensure resiliency. Automating the process of collecting trusted restore points is one technique to make sure backups are up-to-date and ready to launch.

Practice

In addition to having backup and restore points in place, operators need to know how to act on a plan. Table-top exercises to practice emergency situations need to be constantly drilled and revised to make sure the business is resilient.

Recovery begins immediately after a crisis occurs, but when the alarms are sounding, it’s easy to get overwhelmed and overlook the processes in an emergency management plan. Pre-determined protocols are only useful as long as they are acted on properly. Trained staff and volunteers also need to know whom to contact for support in such events. For example, designating the right people to contact specific government officials, agencies or other personnel that are also trained in emergency response is a must-have in these critical situations.

People

The inconvenient truth is that OT/ICS security teams are typically understaffed and, in a disaster event, it is likely that all hands are on deck to deal with the most glaring issues. Meanwhile, in the background, hackers could be hiding behind the alarms and confusion to slip by unnoticed.

Anytime something out of the ordinary occurs, unexpected weaknesses may be exposed. In this case, it is likely there will also be a significant weakness around personnel and the skills gap. The people responding to these events are dealing with a lot of unknown conditions, thinking and acting on the fly as they execute activities that they aren’t familiar with. This is going to lead to missteps and mistakes along the way, which slow down restoration activities.

Granted, skills and training are not a problem that can be tackled overnight. It’s up to the industry – vendors, operators and the government – to work together to address the needs of workers. As the workforce ages and fresh talent is brought in, there is a balance to strike between making the technology accessible and bringing it up to speed to match modern standards.

While the winter may bring snowstorms and blizzards, natural disasters are present throughout the year. Extreme heat, hurricanes, earthquakes and any number of unexpected events can happen at any time. Constant evaluation of plans, practices and people ensure an organization is not hit with a two-for-one special.

Protecting the business and its people isn’t just good business sense – it’s common sense.

KEYWORDS: attacks cybercriminal disaster planning natural disaster recovery security teams

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Nick Cappi is VP of Portfolio Strategy and Enablement, OT/ICS Cybersecurity at Hexagon’s Asset Lifecycle Intelligence Division.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Security Leadership and Management
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Education & Training
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Hire a Hacker: A 2013 Security Imperative

    See More
  • hacker-freepik

    Thinking like a hacker: Protect your company from cyberattacks

    See More
  • Rows of keys

    Nearly 10 billion stolen passwords were leaked on a hacker forum

    See More

Related Products

See More Products
  • The Database Hacker's Handboo

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing