• It may sound like science fiction, but bodily harm is the next frontier in cyber risk. Even though most cyber attacks — and computer failures — don’t start out with destructive intent, the unintended consequences of even a simple ransomware attack or systems failure can, and increasingly will, have physical consequences.
• The root of this cyber-physical risk is that computers now control nearly every mechanical process. Cars, for example, have essentially been turned into giant computers. When you apply pressure to the brakes you no longer trigger a mechanical response, but dispatch an electronic signal that travels through the car’s onboard computer.
• Any attack or failure that cripples the computer systems of an organization can now disable critical safety systems, impair manufacturing processes, or even disrupt access to power, water, coolants or other critical resources.

EXAMPLES

• Perhaps the most direct link between hacking and destruction occurred in a 2015 cyber attack against a German steel mill, in which hackers disrupted a control system to such a degree that the mill’s blast furnace could not be properly shut down.
• A Ukrainian power plant was similarly hacked, resulting in the sabotage of a regional electricity distribution network.
• From a 2017 breach of the UK’s NHS to a ransomware attack against Merck later in the same year. Both attacks caused wide-reaching systems shutdowns and, in the case of Merck, disruptions to the production of numerous medicines and vaccines.
• Earlier this year systems failures at fertility clinics in California and Ohio resulted in the damage and destruction of thousands of human eggs and embryos.