2023 Threat Report

Published By:

ICSSTRIVE & Waterfall Security Solutions


Andrew Ginter, VP Industrial Security | Waterfall Security Solutions

Gregory Hale, Editor & Founder | Industrial Safety and Security Source

Rees Machtemes, Director of Industrial Security | Waterfall Security Solutions

Monique Walhof, Consultant | Industrial Safety & Security Source

Jesus Molina, Director of Industrial Security | Waterfall Security Solutions

Courtney Schneider, Cyber Policy Research Manager | Waterfall Security Solutions





Executive Summary

The Waterfall / ICSSTRIVE annual threat report documents public reports of deliberate cyber attacks – not instrument errors or human errors and omissions – attacks that caused physical consequences in process manufacturing, discrete manufacturing, and critical industrial infrastructures.

These attacks with physical consequences turned from a theoretical problem in the 2010-2019 decade into a very real problem this decade. In 2022, these attacks increased 140% over the previous year and impacted over 150 industrial operations. At this rate of growth, we expect cyber attacks to shut down 15,000 industrial sites in 2027, that is, in less than five years.

Hacktivist attacks that deliberately cause physical consequences are increasing – 2022 saw six such attacks, the largest number of any year in history. Of the remaining attacks, the vast majority are ransomware, and in most ransomware attacks, only the IT network was impaired, not the OT network. Nonetheless, in all ransomware attacks we track, there were physical consequences, either because physical operations relied on crippled IT systems for minute-by-minute operations, or because ransomware victims did not trust the strength of their OT security systems and so shut down operations “in an abundance of caution.”

Looking forward, we predict that because of the steadily increasing number of critical infrastructure outages, governments in many jurisdictions will order critical infrastructure owners and operators to implement dramatically stronger cybersecurity measures.

Worse, we note that natural language artificial intelligence tools such as ChatGPT have the potential to enhance cyber attack capabilities and so materially accelerate the growth of cyber attacks with physical consequences. On the other hand, we also observe that the new Cyber-Informed Engineering initiative has the potential to materially improve the strength of OT security postures, even in the face of nation-state-grade ransomware and AI-powered cyber attacks.

Finally, as an aid to interested readers and other researchers, Appendix A includes a comprehensive list of all cyber attacks with physical consequences in the industries we track since 2010, with links to public resources describing the attacks.