5 Top Takeaways from BlackHat 2024: Cyber-Physical Systems in the Spotlight

Engineering

Aug 9, 2024

With this year's BlackHat 2024 conference wrapped up, here are the five major takeaways from the talks, trade show floor, and vendor pitches.

As always, BlackHat 2024 provided critical insights into the ever-evolving cybersecurity landscape, with an increased focus on cyber-physical systems (CPS) among the vendor pool. Here are the five key takeaways:

1. System Resiliency, Business Continuity, and Disaster Recovery

A major theme at BlackHat 2024 was the global outage caused by a failure in a widely deployed, single-point-of-failure agent. This incident highlighted the critical importance of designing systems for resiliency, especially in CPS where failure in one component can trigger widespread disruption across interconnected industrial control and OT systems.

The discussion centered on whether systems should be designed to fail safely in parallel, rather than sequentially, to prevent such cascading failures. For CPS, including those in IoT, IIoT, XIoT, and MIoT environments, this issue is particularly pressing. Traditional IT Privileged Access Management (PAM) solutions, which often rely on agents, share similar vulnerabilities because they require installing agents on every single endpoint they broker access to. In contrast, CPS-focused remote access solutions that operate in parallel provide a more resilient structure, mitigating the risk of a single-point failure taking down an entire factory or safety line.

2. Cyber-Physical System Manufacturers Lag in Cybersecurity

Despite the increasingly sophisticated threat landscape, many big manufacturers of cyber-physical systems, particularly in industrial control and operational technology sectors, are still lagging in their cybersecurity efforts. Several sessions at BlackHat 2024 exposed the ongoing failures by these manufacturers and CPS software developers to integrate adequate security measures into their products.

A significant concern is the shift from UHF/VHF communications to 4G/5G within CPS, which has expanded the attack surface dramatically. Unfortunately, the necessary security controls have not kept pace, leaving critical infrastructure vulnerable. In short: claiming you're safe because you're encrypting data-in-transit is at best window dressing; at worst it's knowingly selling snake oil. Manufacturers are trying to steer discussions away from investing in proper cybersecurity measures by talking about warranties and SLAs, but these justifications are becoming increasingly untenable as the risks grow.

3. AI is the New Blockchain: Overhyped, Underdelivering

Artificial Intelligence (AI) dominated the discussions at BlackHat 2024, with nearly every company showcasing its AI-driven solutions. However, there was widespread skepticism among CISOs, particularly in the context of industrial control and CPS. Many believe that the current AI hype is more about inflating company valuations than delivering practical, real-world solutions. (And yes, we've filed our fair share of AI patents at Dispel too.)

While AI does show promise in certain areas, such as improving data query responses, its application in CPS, IoT, and related technologies like IIoT, XIoT, and MIoT remains limited.

4. Living off the Land Attacks Persist

The "living off the land" attack vector continues to pose a significant threat to CPS, particularly in industrial control and operational technology environments. This tactic involves using legitimate software and functions within a system to carry out malicious activities, making detection particularly challenging.

CPS, which are often deeply integrated with local networks and have been in place long before current cybersecurity practices were developed, are especially vulnerable. Many of these systems, such as building management systems, are legacy technologies that bypass newer security measures, creating significant security gaps that can be exploited by attackers.

5. Cyber Insurance: The Unexpected Enforcer

Cyber insurance is emerging as a powerful enforcer of cybersecurity standards, particularly in the absence of stringent regulatory mandates. At BlackHat 2024, it became clear that insurers are increasingly requiring companies, especially those operating in industrial control and OT sectors, to adhere to frameworks like NIST 800-82, 800-53, and IEC 62443.

This shift has significant implications for CPS, as failure to comply with these standards could result in denied insurance claims. Non-compliance might be viewed as negligence, putting companies at risk of major financial losses. As a result, cyber insurance is becoming a critical driver for enforcing best practices in CPS security.

Conclusion

BlackHat 2024 underscored several critical imperatives for securing cyber-physical systems, particularly within industrial control and operational technology environments. First, the global outage incident serves as a stark reminder that system design must prioritize resiliency, with an emphasis on parallel, agent-less architectures to avoid catastrophic single-point failures. Second, the lag in cybersecurity adoption by CPS manufacturers—especially those transitioning to 4G/5G communications—poses an ongoing risk to critical infrastructure, demanding immediate corrective actions.

Third, while AI and blockchain technologies continue to generate buzz, their practical application within CPS remains limited. Stakeholders should focus on addressing existing vulnerabilities rather than chasing speculative solutions. Fourth, the persistence of "living off the land" attacks highlights the need for enhanced security measures in legacy CPS, which are often deeply embedded within organizations and bypass modern defenses.

Finally, the role of cyber insurance as a de facto enforcer of cybersecurity standards is a game-changer. Insurers are increasingly requiring adherence to frameworks like NIST 800-82, 800-53, and IEC 62443, with non-compliance potentially leading to denied claims. This shift places a tangible financial incentive on companies to improve their CPS security practices, ultimately driving better protection for critical systems.

These takeaways from BlackHat 2024 provide a clear roadmap for those responsible for securing cyber-physical systems: prioritize resiliency, close existing security gaps, and align with industry standards to mitigate risks in an increasingly complex threat landscape.

See you next year, and don't bet it all on red.
