For decades, operational technology (OT) has enjoyed the luxury of being suitably inaccessible so as to experience directly targeted cyber attacks from only the most advanced and well-resourced adversaries. However, security via obscurity cannot last forever, and indeed a shift is happening whereby less advanced adversaries are showing an appetite for targeting OT. With this shift in adversary demographics, there will likely also be a shift in attack goals, from clandestine process degradation and espionage to overt cyber extortion (Cy-X). The consensus from OT cyber security practitioners suggests that, even if encryptionbased Cy-X techniques were launched against OT assets, typical recovery practices designed for engineering processes would provide adequate resilience. In response, this paper introduces Dead Man's PLC (DM-PLC), a pragmatic step towards viable OT Cy-X that acknowledges and weaponises the resilience processes typically encountered. Using only existing functionality, DM-PLC considers an entire environment as the entity under ransom, whereby all assets constantly poll one another to ensure the attack remains untampered, treating any deviations as a detonation trigger akin to a Dead Man's switch. A proof of concept of DM-PLC is implemented and evaluated on an academically peer reviewed and industry validated OT testbed to demonstrate its malicious efficacy.
In ‘Digital disaster, cyber security, and the Copenhagen school’, published in 2009, Lene Hansen and Helen Nissenbaum suggest ways in which securitization theory can help understand the politics of cybersecurity and cyberwar. What was significant about Hansen and Nissenbaum's article was the way it attempted to add newapproaches and questions to a topic that tended to occupy a space in an often highly technical discourse of security, technology and strategy, a discourse that extended in to all aspects of life in a digitizing society. This article asks: What should international relations scholars be doing in addition to the challenge and task – to become more interdisciplinary in order to be able to engage with the potential technification and hypersecuritizations of cybersecurity policy and discourse – that was set out in Hansen and Nissenbaum's article?
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.