December 1, 2022
The antidote to operational technology conservatism.
I’ve been saying it often – for years: antivirus is dead.
Such a statement might at first seem strange – especially from someone who’s been a mover and shaker since the very earliest days in all things viruses and anti-virus in the late eighties and early nineties. However, if you dig a little deeper into the AV (RIP) topic and consult some authoritative sources in the (former) field, then the statement quickly becomes quite logical: first, “antivirus” has turned into protective solutions “against everything”; second, viruses – as a particular species of malicious program – have died out. Almost. And it’s that seemingly harmless, negligible almost that causes problems for cybersecurity still to this day – at the back end of the year 2022! And that almost is the basis of this here blogpost today…
So. Viruses. Those Red-Listed last remaining few – where are they these days, and what are they up to?…
It turns out they tend to reside in… one of the most conservative sub-fields of industrial automation: that of operational technology (that’s OT – not to be confused with IT). OT is “hardware and software that detects or causes a change through the direct monitoring and/or control of industrial equipment, assets, processes and events” (– Wikipedia). Basically, OT relates to an industrial control system (ICS) environment – sometimes referred to as “IT in the non-carpeted areas”. OT = specialized control systems in factories, power plants, transportation systems, the utilities sector, and the extraction, processing and other heavy industries. Yes – infrastructure; yes – often critical infrastructure. And yes again – it’s in this industrial/critical infrastructure where “dead” computer viruses are found today alive and kicking: around 3% of cyber incidents involving OT computers these days are caused by this type of malware.
How so?