Data Miner Guide To Cyber Physical Security Convergence

Uploaded by

Yvonne Angelica
DATAMINR GUIDE TO

Cyber-physical
Security Convergence
Securing Your Business in a Hyperconnected World
The physical and digital worlds have never been more connected. Smartphone apps let us order items online for in-store pickup, and disruptions to airlines’ digital systems can ground entire fleets. While there are benefits to this increasing blend of worlds—such as reduced friction and streamlined processes—when threats in the digital domain cross over to the physical domain and vice versa, the consequences can be palpable and significant.

Take for example, a 2023 cybersecurity survey of healthcare organizations. It found that 80% of respondents experienced an average of 40 cyber attacks over a 12-month period. Many of those same organizations said that cyber attacks negatively affected patient care and safety—and contributed to a rise in mortality rates.

The need to secure this hyperconnected, blended reality has made cyber-physical security convergence a critical business imperative for organizations. It’s why we created this guide to cyber-physical security convergence—to help security leaders and teams:

• Understand how convergence came to be
• Explore the current state of convergence, including real-life examples and clear definitions
• Assess their convergence readiness
• Get tips and best practices for mitigating cyber-physical risks

It’s important to note that, in this guide, convergence refers to risks originating in the cyber domain becoming real and significant threats in the physical domain—or vice versa—even if there is no inherent digital connection. The risks themselves are called cyber-physical risks or threats. And they are here to stay thanks to our hyperconnected world.

© Dataminr 2024. AM0423 Dataminr Guide | 2


The Language of Cyber-physical Security Convergence

Cyber-physical convergence
The increasingly blurred line between risks in the cyber and physical domains, whereby a risk that originates in one domain has a significant impact on the other.

Security convergence
When an organization's cyber and physical security operations are combined into a single, unified security function.

Cyber-physical risks
The result of risks that have converged, creating hybrid threats that exist in both the cyber and physical domains. They include cyber-physical systems risks, but are broader in nature.

Cyber-physical systems (CPS)
Intelligent systems engineered to connect the physical to the digital, allowing interaction between the two domains, e.g., autonomous cars and smart grids.



Dataminr Cyber-physical Threat Spectrum

Dataminr views the cyber-physical risks on a threat spectrum. At one end are kinetic events that affect the cyber infrastructure of organizations. At the opposite end are cyber events that affect the physical domain, such as attacks against critical infrastructure. In the middle of the spectrum is geopolitical instability that causes disruption.

[Figure: threat spectrum running from Kinetic Events through Geopolitical Instability to Cyber Events]

HOW WE GOT HERE:
Hyperconnectivity Creates a Larger Attack Surface

The exponential growth of cyber-physical threats can be attributed to the increasingly global nature of our world and the fact it is more connected than we ever thought possible. Today, there are approximately 15.14 billion Internet of Things (IoT) devices worldwide. By 2030, that number is expected to rise to approximately 29 billion. Devices include:

• traffic light sensors
• industrial machinery thermostats
• healthcare equipment and monitoring tools
• point-of-sale retail software

This widespread use has created a much larger surface area of risk for nearly all types of organizations.



Additionally, digitization—both in business and our everyday lives—is occurring at an exponential rate, with 90% of the world’s data being generated between 2019 and the present. Bad actors are a real and intensifying threat to that vast volume of data as well as the people, places and things associated with it.

Take the case of a large data center in Paris catching fire in April 2023. While the fire was caused by a mechanical issue, the effects extended beyond the physical damage, and into the cloud. Messaging services, search engines, hosting services companies, and local municipalities all went dark. The physical safety of the center, as well as the digital operations it controlled, needed a rapid incident response.

“We live and work in a world of networks and a densely connected network of people to people and devices to devices.”
— Jack Carraway, Director of Corporate Solutions Practice at Dataminr



Examples of cyber-physical risks

Cyber-physical risks are not a new phenomenon, but the frequency and scale at which these threats occur continue to grow each year. Below are some of the most high-impact incidents within the past two years.

In February 2022, three European port oil facilities experienced ransomware attacks, disrupting technology systems and impeding the delivery of oil from large terminals such as Oiltanking in Germany, SEA-Invest in Belgium and Evos in the Netherlands. It was speculated that the attacks were the result of a coordinated geopolitical response to the conflict between Russia and Ukraine.

Colonial Pipeline, which is the source of approximately 45% of the fuel on the East Coast of the U.S., was shut down for six days after an attack by a Russian ransomware gang. Gas shortages ensued and a state of emergency was declared in Washington, D.C. and 17 states.

In November 2023, DP World Australia—one of Australia’s biggest port operators—suffered from a security breach that led to a shutdown of operations at key eastern ports, resulting in a substantial backup of cargo.

In August 2023, a cyber attack on Prospect Medical Holdings, which operates medical facilities in several states across the U.S., forced hospitals to close emergency rooms and ground ambulances. With a single attack, available healthcare services were severely limited for the populations of five disparate regions.

In December 2023, a massive cyber attack by an Israel-linked hacker group disrupted services at around 70% of Iran’s petrol stations.



Johnson Controls International, a manufacturer of industrial control systems, physical security alarm systems and facility-related technology and infrastructure, experienced a ransomware attack in September 2023 that disrupted its internal systems and had potential implications for its customers, including the U.S. Department of Homeland Security.

Kaseya, an IT solutions company, experienced a supply chain ransomware attack in July 2021 that triggered a customer breach with a minimal effect on its direct customers, but the impact trickled downstream and caused the temporary closing of 800 grocery stores in Sweden.

In November 2022, trains run by Danish railway company DSB were halted due to an attack on a third-party software vendor. The attack caused the vendor to turn off power to DSB’s servers, which impeded the ability of the trains to run.

The Irish healthcare system was toppled by a ransomware attack that resulted in 700GB worth of stolen patient data, and silenced hospital computers for more than a week. Patients experienced extensive appointment cancellations, inaccessible records and an inability to receive testing and treatment services.

In September 2023, MGM Resorts sustained a cyber attack impacting electronic payments, slot machines and room keys at resorts in multiple locations.



Global response to cyber-physical risks

Recognizing the surge in cyber-physical risks and the urgent need to have a more holistic, innovative approach to respond to those threats, a number of regulators and governments have developed new regulations and initiatives. The U.S. has responded by creating a working group dedicated to strengthening cyber-physical resilience with the goal of finding new approaches to the problem; experts from academia and the public and private sectors will be consulted.

The European Union has followed suit. In December 2022, the European Commission issued the new NIS2 Directive, which seeks to boost cyber and physical resilience of EU critical entities and networks by expanding the sectors and types of entities falling under its scope. These include digital infrastructure such as public electronic communications networks and services, as well as physical infrastructure like manufacturing of critical products, and postal and courier services.

GOVERNMENT RECOGNITION

“We must make our cyber-physical infrastructure resilient. Fortifying the resiliency of our critical infrastructure will require a substantially deeper partnership between the public and private sectors to focus attention and to unleash deeper investment.

Resilience entails the ability of a system to anticipate, withstand, recover from, and adapt to cyberattacks and natural or accidental disruptions.”
— U.S. President’s Council of Advisors on Science and Technology



Assess Your Cyber-physical Security Convergence Readiness

Use this checklist to evaluate your organization’s preparedness to manage cyber-physical risks:

• Are you engaging with all internal teams to understand the full scope of digital connectivity and associated vulnerabilities?
• Is there a review system in place whenever new technology is developed or contracted to ensure it meets standards and does not undermine security?
• Is there strong collaboration between cyber and physical security executives?
• Are you educating leadership about potential cyber-physical risks at regular intervals and running scenario planning exercises outlined in a shared playbook?
• Is your budget adequately allocated to address both cyber and physical risk?
• What processes are in place should a cyber risk become a physical risk or vice versa?
• Is cyber-physical security convergence a priority for the senior management and the board?
• Do your security operations operate through a holistic lens, incorporating all potential areas of threat: cyber, physical, reputation, operations, legal, human resources, etc.?



Best Practices to Adopt to Strengthen Resilience Against Cyber-physical Risks

Ensure cyber and physical security teams work in lockstep

Many organizations operate their cyber and physical security teams as distinct, standalone disciplines with little to no collaboration on managing risks. This is no longer tenable and calls for all organizations to ensure both their cyber and physical security teams have a formal means of communication and a standard of collaboration—ensuring that when threats emerge, they see past their area of responsibility and understand the attack from a holistic security perspective.

Although some organizations have opted to combine their cyber and physical security teams into a single unified function, that is only one approach. Many businesses forgo that model and instead focus on ensuring they have effective collaboration and communication between the two teams.

CYBER-PHYSICAL COLLABORATION IS A MUST

“There are still a lot of companies out there that are siloed, and a lot of CSOs who do not want to touch any part of cybersecurity. They don’t necessarily understand it. They fear it in some cases, because they haven’t taken the time to learn about it. Those are the companies that are at the greatest risk, because all of the resources that could be used to identify and mitigate a problem are not being used properly.”
— Dave Komendat, former Vice President & Chief Security Officer at The Boeing Company



What’s most important is that cyber and physical security teams have a shared commitment to work together to prepare for and respond to cyber-physical attacks. To do so successfully, those teams should consider the following actions:

Identify and close gaps between cyber and physical security
• Conduct a formal risk assessment to uncover points of intersection, shared dependencies and cascading effects.
• Consider cross training and orientation, so that there is a degree of mutual understanding.
• Begin working as a coalition so that the teams can collectively advocate for their shared priorities and resource needs—both cyber and physical, as well as other risk management areas.

Develop and maintain a shared playbook
Work together to develop cohesive strategies and action plans. With multiple players, potentially in multiple departments, it is essential to have a well-documented, agreed-upon and easy-to-follow set of processes that uses common language and supports consistent response.

Clearly delineate roles and responsibilities
Within the cyber and physical security teams, outline specific roles, responsibilities and organizational hierarchies so there is complete task clarity for all involved in incident response.

Ensure business continuity
Appoint a project leader for each team and leverage established frameworks to respond to any disruption while safeguarding operations. Identify the most essential functions, how they should be maintained and what needs to be done to mitigate immediate risk.

Fortify business resilience
Maintain the focus on team collaboration and establish a transparent and standardized process for timely information sharing with the goal of protecting long-term business value.



Keep an eye on regulations, tech and your industry

01 View Regulations as the Floor, not the Ceiling
Meet the required industry regulations and government legislations but also identify any additional criteria that need addressing in order to strengthen the organization against potential threats.

02 Employ the Right Technology
Find a software solution that will provide both the cyber and physical security teams with a shared, accurate and single picture of reality and surface the most relevant threats. This calls for an AI-powered solution that can keep pace with the scope, number and frequency of emerging threats and ensure nothing is missed.

03 Acquire Industry Insights
Know what’s percolating within your industry, but also in adjacent sectors, and react accordingly. Communicate with industry peers to learn how they are managing cyber-physical risks. Ask questions around phishing campaigns and/or ransomware groups and industry-based vulnerabilities and vendors, including control systems or software platforms.

04 Accept the Job is Never Done
Remember that strengthening resilience against cyber-physical risks is a dynamic, continual process with lessons learned and adjustments made on an ongoing basis.



The Time to Act Is Now

What matters most when it comes to cyber-physical risks is having the right people, processes and technology in place to prepare for and respond to risks that affect both the digital and physical domains—creating a holistic view of risk that allows security teams to collectively identify which hybrid threats can impact their organization and ascertain their ability to withstand such risks. Risks that exist on a threat spectrum of kinetic, cyber and geopolitical events. Risks that will continue to increase and evolve given today’s unpredictable and ever-changing threat landscape and hyperconnected world.

Security leaders that understand this critical mandate will take action now to build and/or strengthen their cyber-physical security convergence strategies. The result: the organizational, operational and technological resilience needed to not just mitigate cyber-physical risks, but for the organization to grow and innovate amid major disruptions, threats and crises.

THE VALUE OF REAL-TIME, ACTIONABLE INTELLIGENCE ON CYBER-PHYSICAL THREATS

On July 4, 2023, there were reports of operational disruptions at Nagoya Port in Japan, which were later found to be associated with a LockBit 3.0 ransomware attack. The disruptions caused a system failure that shut down port operations, affecting 10% of all Japanese trade for two days.

Our AI-powered Dataminr Pulse for Cyber Risk solution immediately recognized that this event fit the profile of a cyber attack and alerted Dataminr customers of the disruptions in real time—six hours earlier than other reports. Customers’ cyber and physical security teams were then able to quickly initiate incident response and continuity planning, allowing them to minimize the effects of supply chain disruptions.

See how Dataminr Pulse for Cyber Risk helps CISOs and CSOs stay ahead of and respond to cyber-physical risks faster and more effectively.
