Targeted control system cyber attacks - not when, but how much damage

There have been many stories about cyber vulnerabilities of critical infrastructure with the tagline – not if, but when. However, there already have been many targeted cyber attacks against critical infrastructures from attackers ranging from disgruntled individuals to nation-states. Targeted control system cyber attacks (this does not include general viruses and worms that were not targeting control systems) are loss of view and/or loss of control and have affected electric power transmission and distribution systems, fossil power plants, nuclear power plants, hydro facilities, wind and water turbines, water/wastewater systems, vehicles, trains, transportation systems, fuel facilities, manufacturing, medical facilities, chemical plants, oil facilities including off-shore oil platforms, food/beverage, paper/pulp, and others.

Targeted control system cyber attacks have been identified in Australia, Brazil, Canada, China, France, Germany, Iran, Israel, Lithuania, Netherlands, Poland, Qatar, Russia, Saudi Arabia, South Korea, UK, Ukraine, and Venezuela. Examples of targeted ICS cyber attacks internationally include destruction of centrifuges, damage to blast furnace, loss of fuel loading, tilting of an off-shore oil rig, and significant environmental discharges. However, there have been almost no US government or NERC public identification of control system cyber attacks in the US despite the fact that targeted control system cyber attacks have occurred in US critical infrastructures with attendant damage. Examples of targeted ICS cyber attacks in the US include loss of electric and water SCADA, damage to manufacturing lines, shutdown of HVAC systems, and damage to facility equipment including critical motors.

 As identified in the Defense Science Board Task Force on Cyber Deterrence issued February 2017, critical infrastructures are vulnerable to cyber attacks. Consequently, there is a need to actively pursue a series of mitigations that include removing critical control systems from the Internet (see DHS ICS Monitor May/June 2015 recommendations), ensuring that updates are performed in a secure and documented manner, and minimizing insider threats by making the systems unavailable to all but trusted users. Additionally, there is a need to focus on resilience and recovery as malware is already in many control system networks.

Joe Weiss

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.

Comments

  • What is the percentage of attacks in the UK in comparison to those in Canada? Are they interrelated? I was working on essaydune blog for Canadian students, when I heard about the attack. Can it cause damage to the static websites?

    Reply

  • You can ship your packages through parcels and couriers in US via USPS Tracking

    Reply

  • I think most of the companies are now opting for centralized control systems since they are much safer than the cyber security schemes. Reports are suggesting that more hackers are targeting the systems now. Hope that new advancements will be introduced soon. CCCHC free hiv and std testing

    Reply

  • free happy wheels game website i like most play on this online game website which is really a wonderful and nice online game website. happy wheels online GUYS YOU CAN GO AND PLAY ON THIS PORTAL

    Reply

  • Download apk psiphon 3

    Reply

RSS feed for comments on this page | RSS feed for all comments