Bedrock Commentary on 2021 Predictions

The COVID-19 pandemic sidelined many of last year’s cyber security predictions, but there is a new slate.  Dan Lohrmann, writing in govtech.com, reviewed many of this year’s predictions. We present some of his selections here, with comments on how they might relate to the industrial control space.

• There will be huge security impacts in the coming year from the move to work from home (WFH) fueled by COVID-19. More attacks will occur on home computers and networks, with bad actors even using home offices as criminal hubs by taking advantage of unpatched systems and architecture weaknesses.

This made just about everyone’s prediction list. More and more critical data moving across public networks increases the need, not only to secure the content that is moving across those networks, but also to implement security at both ends of the channel.

• The rush to cloud-everything will cause many security holes, challenges, misconfigurations and outages.

For many companies, the “rush to cloud” is not optional but essential for economic survival. It can be done with negligible cyber security risk. See how one upstream oil & gas solutions provider solved it with Bedrock Automation.

• More growth in the security industry. Our numbers of new products and new year mergers and acquisitions will cause network complexity issues and integration problems and overwhelm cyber teams.

From an industrial control system perspective, we find this somewhat troublesome. We can’t help but wonder how much of that growing complexity is needed to compensate for the continued vulnerability of mainstream control systems and automation devices.

• Identity and multi-factor authentication (MFA) will take center stage as passwords (finally) start to go away in a tipping-point year.

Certainly, a step in the right direction, but for the industrial space, this authentication needs to take place on a much grander scale and in real-time, within the control electronics, where Bedrock has had it from the beginning.

• Tons of high-profile Internet of Things (IoT) hacks, some of which will make headline news.

This was written in December, before the news of the SolarWinds hack – so maybe this one has already come to pass.

• Ransomware will get worse and worse — with new twists, data stealing prior to encryption, malware packaging with other threats and very specific targeting of organizations.

This is another prediction that has appeared on just about everyone’s 2021 prediction list.  Everyone in the OT space is expecting to see more ransomware because it requires little control expertise to mount an attack, and it often pays off.  So far it has been used primarily to extort money.

• Lots of 5G vulnerabilities will become headline news as the technology grows.

This is inevitable, especially as 5G enables faster transmission of industrial data.

• Advanced Persistent Threat (APT) attacks will be widely available from criminal networks. The dark web will allow criminals to buy access into more sensitive corporate networks.

Or nation states, ala SolarWinds.

• Mobile devices, including smartphones, will be attacked in new ways, including app stores.

Perhaps relating to the increase of mission critical data moving across public networks, if not secured.

• Cryptocurrencies will play new roles, with criminals switching often for hiding advantages.

In the industrial space, this relates primarily to the increase in ransomware.

• As digital transformation projects grow, many plans will implode as security challenges mount.

Unless of course, they build on Bedrock.