Hacking Leads to Physical Damage

In only the second time in history, a cyber attack has lead to actual damage at a steel mill in Germany at the end of last year. The attack on a steel mill left the plant with huge amounts of damage after hackers remotely accessed the control systems that controlled the blast furnace. The attack meant that the furnace could not be shut down properly, as the hacking leads to physical damage.

The first time that a cyber attack has physically damaged a target happened back in 2007/2008 when it was revealed that a joint attack by Israel and the US on Iran, which targeted a uranium enrichment plant. Experts back in 2010, when the attack was revealed, predicted a dangerous step towards further destruction through cyber attacks.

Industrial systems, like the steel mill in Germany, are vulnerable to remote attacks due to the nature of how their systems work. Worryingly, many facilities run like this, including water supplies, electrical grids, hospitals and chemical plants are just some of the facilities which could be affected by an expertly executed hack, potentially affecting entire cities. As the technology of systems increase, so do the abilities of those who seek to carry out attacks remotely, leaving entire cities and countries open to cyber attacks unless these systems are kept offline, physically unable to be accessed remotely.

It is believed hackers gained access to the steel mill through the company’s business network, where they gained further access to the actual control systems for the plant. The hackers managed to gain complete control after sending a phishing attack through email. When an employee opened an email supposedly from a trusted source, malware was downloaded and installed within the system, allowing control remotely. Further details of the attack are not known, including how long the hackers had access before the physical damage took place, or why the attack even occurred in the first place.

The implications of this attack are far reaching, if hackers possess the know-how to hack control systems like the steel mill, then there is no limit to what systems can be targeted, The only safeguard from these kind of attacks would be to completely isolate these control systems from the internet, physically removing the systems from any remote access. A firewall, at present the only real protection companies have, is clearly not enough to prevent hackers.