Developed nations are likely to have created and covertly deployed malware in industrial control systems (ICS) used in other countries in case it ever needs to be used in a conflict.
Anthony Kolish, a senior vice president at FireEye, is convinced that this has happened but said that evidence of such actions may never come to light.
“I think the thing that makes this hard to peg is that, once you do it, it’s hard to turn back. So malware may be lurking in infrastructure that can be used in a conflict if it escalates to a point that it needs to be used," he told V3.
“But when you use it, that tips your hand and it’s then out there, so the stakes are very high. It’s a geopolitical issue and you just never know.”
Security experts have often talked of the threat to ICS environments. A major attack on an ICS in Ukraine last year left power stations offline in an incident that many believe was coordinated, or at least backed, by the Russian government.
The attack was a high-profile example of the growing threat to ISC environments, and Kolish cited the scadahacker.com website as an example of how often ICS flaws are discovered and made public, some of which FireEye itself has found.
“There are literally thousands of ICS vulnerabilities and the pace of discovery is increasing all the time. FireEye found one last year that had Stuxnet-like capabilities that was capable of feeding fake user interface information to the people that were monitoring systems to mask what was going on,” he said.
The Stuxnet worm is another example of the lengths to which governments have already gone when using cyber weapons against rivals. The US and Israel are widely believed to have developed such tools to use against Iran.
This increase has alerted more industries to the threat posed by industrial system hackers, and the healthcare sector is particularly concerned, according to Kolish.
“It first emerged after the Anthem breach of 2014 and in the last six months we’re seeing more healthcare providers saying they are getting concerned about the potential for medical devices and systems to be hacked," he said.
“With these types of incident we’re not just looking at loss of money or intellectual property but injury or loss of life, so the sense of rush is much higher.”
The growing threat from cyber attacks has prompted the UK government to invest millions in improving defences, although a director at CESG admitted that this money might have been better spent on fixing older systems instead.
Facebook told by Brussels-based court to stop tracking non-users and to delete all data held on them
Supply chain and manufacturing experience could give Dyson an important edge
New VR Zone Portal arcades open in London and Tunbridge Wells
Systems-on-a-chip with integrated AI features could make voice and facial recognition