Full Report
Cybersecurity incidents were plentiful in 2022, causing many problems for industrial infrastructure owners and operators. Below we share some of our thoughts on potential developments of 2023, though we cannot claim to be providing either a complete picture or a high degree of precision.
Analysis Summary
# Industry News: ICS Cyberthreats in 2023 – Forward-Looking Trends for Industrial Security
## Summary
Kaspersky’s ICS CERT has released its 2023 outlook for Industrial Control Systems (ICS), highlighting a shift toward more geographically targeted attacks and a broadening of threat actor motives beyond financial gain. The report emphasizes the escalating risks posed by geopolitical instability and the accelerated integration of IT and OT (Operational Technology).
## Key Details
- **Date:** November 22, 2022
- **Companies Involved:** Kaspersky (ICS CERT)
- **Category:** Market Analysis and Predictions
## The Story
Following a year of high-frequency incidents in 2022, Kaspersky’s analysts have identified several key vectors likely to define the 2023 industrial threat landscape. Central to their thesis is the "normalization" of advanced persistent threats (APTs) targeting critical infrastructure. The report predicts an increase in ideological and geopolitical attacks (hacktivism), a rise in the use of "wiper" malware to disrupt operations, and the continued professionalization of Ransomware-as-a-Service (RaaS). Furthermore, as industrial sectors pursue digital transformation, the blurring of the boundary between IT and OT security perimeters is creating new, unmanaged entry points for attackers.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Strengthens its position as a thought leader in the niche but critical ICS/OT security market, despite geopolitical headwinds affecting the brand in certain Western markets.
### For Competitors
- **Competitive landscape impact:** Firms like Dragos, Nozomi Networks, and Claroty will likely pivot their marketing to address "operational resilience" and "supply chain integrity" in response to the rising wiper and hacktivism threats identified.
### For Customers
- **Impact on end users:** Infrastructure operators face increasing insurance premiums and more stringent compliance requirements. There is a heightened need for "air-gapping" alternatives and more robust incident response plans.
### For the Market
- **Broader market implications:** We expect to see a surge in demand for Managed Detection and Response (MDR) services specifically tailored for industrial environments, as the talent gap in OT security remains a primary bottleneck.
## Technical Implications
The report highlights the rise of specialized industrial malware designed to exploit protocols specific to PLCs (Programmable Logic Controllers) and RTUs (Remote Terminal Units). There is also a notable shift toward secondary supply chain attacks, where attackers target the smaller software vendors and service providers that maintain industrial equipment.
## Strategic Analysis
- **Market Positioning:** Security vendors are moving from "visibility-only" tools to active "prevention and response" platforms within OT environments.
- **Competitive Advantage:** Organizations that adopt a "Secure-by-Design" architecture for their industrial IoT (IIoT) deployments will gain a long-term cost advantage over those relying on retrofitted security.
- **Challenges:** The ongoing global supply chain volatility makes it difficult for companies to replace vulnerable legacy hardware, leaving a "perpetual vulnerability" window open for attackers.
## Industry Reactions
- **Analyst opinions:** Most analysts agree that the "deterrence" model for critical infrastructure is failing, as non-state actors (hacktivists) are less deterred by international legal norms.
- **Expert commentary:** Security experts are emphasizing the transition from "cybersecurity" to "cyber-physical safety," acknowledging that a breach in 2023 could have tangible human consequences.
## Future Outlook
- **Predictions:** Expect an increase in "low-noise" attacks that focus on data theft/industrial espionage rather than immediate disruption, as attackers seek to monetize intellectual property.
- **What to watch for:** Watch for the emergence of AI-driven automated scanning tools used by attackers to identify specific versions of vulnerable industrial software across vast IP ranges.
## For Security Professionals
Practitioners should prioritize the auditing of remote access points (VPNs and RDP) used by third-party maintenance contractors, as these remain the path of least resistance. There is an urgent need to bridge the cultural gap between "IT security" and "Plant Operations" teams to ensure cohesive incident response during a crisis.
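The audit recommended above can be started from the logon records the remote-access hosts already produce. The following is an added example, not code from the article or from Kaspersky ICS CERT: it parses constructed sample lines in a simplified Windows Security event 4624 (successful logon) layout and flags contractor logons that fall outside an approved maintenance window or arrive from an address the contractor is not expected to use. The account names, IP addresses, timestamps, window hours and the `CONTRACTOR_ALLOWLIST` mapping are all assumptions made for the example.

```python
"""
Added example (not part of the original article or Kaspersky's report):
audit third-party remote-access logons against an approved maintenance
window and a per-contractor source-address allowlist.
"""
import re
from datetime import datetime, time

# Constructed sample log lines in a simplified 4624 layout.
# LogonType 10 = RemoteInteractive (RDP); 3 = Network (e.g. VPN-mapped share);
# 2 = Interactive (console), which is not a remote-access path and is ignored.
SAMPLE_LOG = """\
2023-02-14T02:17:05 EventID=4624 Account=vendorA_svc LogonType=10 SourceIP=203.0.113.10
2023-02-14T10:05:41 EventID=4624 Account=vendorA_svc LogonType=10 SourceIP=203.0.113.10
2023-02-14T11:30:00 EventID=4624 Account=plant_op1 LogonType=2 SourceIP=10.1.1.5
2023-02-14T22:48:12 EventID=4624 Account=vendorB_maint LogonType=10 SourceIP=198.51.100.7
2023-02-14T13:00:00 EventID=4624 Account=vendorB_maint LogonType=10 SourceIP=192.0.2.99
"""

# Hypothetical contractor accounts and the source addresses each may connect from.
CONTRACTOR_ALLOWLIST = {
    "vendorA_svc": {"203.0.113.10"},
    "vendorB_maint": {"198.51.100.7"},
}
# Hypothetical approved maintenance window, 08:00 to 18:00 local time.
WINDOW_START, WINDOW_END = time(8, 0), time(18, 0)
REMOTE_LOGON_TYPES = {"10", "3"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) Account=(?P<acct>\S+) "
    r"LogonType=(?P<ltype>\d+) SourceIP=(?P<ip>\S+)$"
)


def parse_line(line):
    """Return a dict for one well-formed line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def audit(log_text, allowlist=CONTRACTOR_ALLOWLIST, start=WINDOW_START, end=WINDOW_END):
    """Return (timestamp, account, source_ip, reasons) for each suspicious contractor logon."""
    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        # Only successful remote logons by known contractor accounts are in scope.
        if event is None or event["eid"] != "4624":
            continue
        if event["ltype"] not in REMOTE_LOGON_TYPES:
            continue
        acct = event["acct"]
        if acct not in allowlist:
            continue
        reasons = []
        if not (start <= event["ts"].time() <= end):
            reasons.append("outside maintenance window")
        if event["ip"] not in allowlist[acct]:
            reasons.append("unexpected source IP")
        if reasons:
            findings.append((event["ts"].isoformat(), acct, event["ip"], reasons))
    return findings


if __name__ == "__main__":
    for ts, acct, ip, reasons in audit(SAMPLE_LOG):
        print(f"{ts} {acct} from {ip}: {', '.join(reasons)}")
```

On the constructed sample this reports three events: two off-hours RDP logons and one in-hours logon from an address not on the contractor's allowlist. The allowlist and window are deliberately simple so that the same pass can be pointed at real VPN concentrator or jump-host logs once the approved contractors, their source ranges and the plant's maintenance schedule are filled in.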