No discussion of ICS attacks would be complete without addressing what some call ‘the elephant in the room.’

Critical infrastructure has always been a target in warfare, and modern ICS are no exception. Several high-profile ICS disruptions have in fact been attributed to attackers working at the behest of a military or intelligence agency.

Looking at Examples of APTs

The potential impact of a wartime ICS cyber incident is hard to overstate. Demonstrations such as the Aurora Generator Test in 2007 have shown that skilled attackers can cause lasting physical damage to industrial equipment. In that test, the simulated attackers used the protective relay to repeatedly open and close the circuit breaker of a diesel generator so that the generator was reconnected to the grid out of synchronization; the mechanical stress of each out-of-phase reconnection ultimately caused the generator to tear itself apart, leaving a smoking wreck.

Beyond the immediate danger to plant workers, this type of attack could trigger cascading failures and long-term disruption of electricity, water, fuel, and other municipal services. Attackers may also cause industrial accidents that endanger both plant workers and the communities the plant serves. Whether it is the loss of heat during a cold Ukrainian winter or over-pressurized natural gas lines feeding people’s homes, a sophisticated ICS attack carries a real potential for loss of life.

Even without destroying generators, a determined adversary can keep a power grid down for an extended period by using destructive malware to wipe IT machines and even the firmware of the devices used for remote serial data access. Malware has been discovered in the wild that speaks major industrial protocols natively. Once such malware has gained access to an OT network, there is typically no need for further exploitation because the industrial protocols largely
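The point of the paragraph above, that a protocol-aware implant on the OT network needs no exploit because the protocol itself will act on any well-formed command, is easy to see on the wire. The following is an added example written for this page, not code from the page's author or from any malware family it mentions. It builds Modbus/TCP frames exactly as a publicly documented client would (the function codes and MBAP header are from the open Modbus specification), then runs the one detection a passive OT monitor can still apply: flagging write function codes from hosts that are not on the allow-list of legitimate writers. The IP addresses, the allow-list, and the "compromised engineering workstation" are constructed for the sample and are not from the page.

```python
"""Modbus/TCP carries no authentication field: any host that can reach TCP/502 on a
PLC can issue writes. Constructed example (not from the page): build frames the way a
protocol-aware implant would, then flag writes from hosts outside an allow-list."""
import struct

# Modbus function codes from the public specification; write codes change process state.
FC_READ_HOLDING_REGISTERS = 0x03
FC_WRITE_SINGLE_COIL = 0x05
FC_WRITE_SINGLE_REGISTER = 0x06
FC_WRITE_MULTIPLE_COILS = 0x0F
FC_WRITE_MULTIPLE_REGISTERS = 0x10
WRITE_FUNCTIONS = {FC_WRITE_SINGLE_COIL, FC_WRITE_SINGLE_REGISTER,
                   FC_WRITE_MULTIPLE_COILS, FC_WRITE_MULTIPLE_REGISTERS}

# MBAP header: transaction id, protocol id (always 0), length, unit id. Nothing else.
MBAP = struct.Struct(">HHHB")


def build_frame(tid, unit, pdu):
    """Wrap a PDU in an MBAP header. The length field covers unit id + PDU."""
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


def build_write_single_coil(tid, unit, address, on):
    """FC 0x05: 0xFF00 energizes the coil, 0x0000 de-energizes it. No credentials anywhere."""
    value = 0xFF00 if on else 0x0000
    return build_frame(tid, unit, struct.pack(">BHH", FC_WRITE_SINGLE_COIL, address, value))


def build_read_holding_registers(tid, unit, address, count):
    """FC 0x03: read `count` registers starting at `address`."""
    return build_frame(tid, unit, struct.pack(">BHH", FC_READ_HOLDING_REGISTERS, address, count))


def parse_frame(frame):
    """Return the fields a monitor needs; raise ValueError on a malformed frame."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short")
    tid, proto, length, unit = MBAP.unpack_from(frame)
    # total frame = 6 header bytes before the unit id + length bytes
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    pdu = frame[MBAP.size:]
    return {"tid": tid, "unit": unit, "function": pdu[0], "data": pdu[1:]}


def flag_unauthorized_writes(flows, allowed_writers):
    """flows: iterable of (src_ip, dst_ip, frame). Alert on any write function code
    whose source is not in allowed_writers (the HMI/engineering hosts expected to write),
    and on frames that do not parse, which a legitimate client would not send."""
    alerts = []
    for src, dst, frame in flows:
        try:
            msg = parse_frame(frame)
        except ValueError as exc:
            alerts.append({"src": src, "dst": dst, "reason": f"malformed frame: {exc}"})
            continue
        if msg["function"] in WRITE_FUNCTIONS and src not in allowed_writers:
            alerts.append({"src": src, "dst": dst, "unit": msg["unit"],
                           "function": msg["function"],
                           "reason": "write from host outside allow-list"})
    return alerts


# Constructed sample traffic (hypothetical addresses): HMI 10.10.1.5 legitimately writes
# to PLC 10.10.3.20; 10.10.2.77 is a compromised engineering workstation that first
# reads registers (reconnaissance) and then flips the same coil the HMI controls.
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.3.20", build_write_single_coil(1, 1, 0x0010, True)),
    ("10.10.2.77", "10.10.3.20", build_read_holding_registers(2, 1, 0x0000, 8)),
    ("10.10.2.77", "10.10.3.20", build_write_single_coil(3, 1, 0x0010, False)),
]
ALLOWED_WRITERS = {"10.10.1.5"}

if __name__ == "__main__":
    for alert in flag_unauthorized_writes(SAMPLE_FLOWS, ALLOWED_WRITERS):
        print(alert)
```

The write from the workstation is byte-for-byte as valid as the HMI's; the only thing that distinguishes them is the source address, which is why allow-listing writers per PLC and alerting on reads from unexpected hosts is the practical detection on networks that cannot be upgraded to an authenticated protocol.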