The discovery of a malware tool targeting the operational technology in critical infrastructure like power plants and water treatment facilities is highlighting issues policymakers are grappling with in efforts to establish a regulatory regime for cybersecurity.
The tool enables the adversary to move laterally across industrial control system environments by effectively targeting their crucial programmable logic controllers.
“There are only a few places that can build something like this,” said Bryson Bort, CEO and Founder of cybersecurity firm Scythe. “This is not the kind of thing that the script kitty—the amateur—can all of a sudden, gen up and be like, ‘look, I’m doing things against PLCs.’ These are very complicated machines.”
Bort and other fellows of the Atlantic Council’s Cyber Statecraft Initiative hosted a webinar Friday on the new tool, which is built to commoditize cyberattacks on industrial control systems with a modular design that would make it more accessible to less skilled adversaries as well.
“These are not protocols you can just go up, and, like, do against, like [web application penetration testing,]” Bort said. “So the complexity of…
