Industrial facilities in Kazakhstan are poorly protected against cyberattacks
At the 5th Forum of Gold Miners of Kazakhstan, PhD (USA) and cybersecurity expert Arnur Tokhtabayev stated that cybersecurity is underdeveloped at industrial facilities in Kazakhstan, as reported by the tLab Technologies press service.
Historically, industrial facilities have paid less attention to cybersecurity issues. Five years ago, threat models were primarily directed towards organizations and corporate networks. However, recently, there have been threats specifically targeting technological enterprises. Over the past two years, there has been a more than 50% increase in cyberattacks on Kazakhstan's industrial sector.
«There are already several malicious companies targeting the industry. These modular malicious programs, such as Pipedream, allow attacks on programmable controllers and, consequently, technological facilities. In other words, the malware, by infecting supervisory control and data acquisition (SCADA) systems, penetrates the controllers that directly manage equipment, aggregates, and more», explained Arnur Tokhtabayev.
In terms of corporate security, the maximum damage is data loss and reputation damage. When we talk about industry, it involves the stoppage of technological processes and disruption of the operational regime. For instance, if it is the mining industry, losses can reach millions of dollars.
For example, in 2021, an attack on the American Colonial Pipeline halted the operation of all pipelines in the system for five days, leading to a gasoline crisis in the USA. There have also been attacks on water treatment facilities where hackers penetrated controllers and attempted to change the chemical composition of water, which could have led to the poisoning of the population.
«As long as there are various malicious programs, there will always be people who will use them. Today, the issue of cybersecurity at industrial facilities in Kazakhstan is underdeveloped simply because it is an emerging sector. However, industrial facilities in Kazakhstan should pay attention to this problem. It is much easier to prevent an attack than to deal with its consequences», concluded PhD in computer security Arnur Tokhtabayev.