We are used to hearing about cyber-attacks and the massive damage they cause to those affected. You do not need to go too far back to find some examples, such as the leaking of the photographs of celebrities in a compromising situation last summer or more recently, the mass attack on Sony that leaked several unreleased movies.
The attacks against the integrity and reputation of the production company and celebrities are serious, but we do not often see that the consequences of these crimes result in tangible material damage. Although various cases have been recorded, they have not gone beyond the borders of their countries because they do not have the same public nature as Sony and the Hollywood stars.
While we carefully followed the latest events in the Sony case this Christmas, another event took place in Germany. Just before the holidays, the German government published a report that detailed how a group of cyber-criminals had attacked a steel mill in the country.
The cyber-criminals manipulated the facility’s control systems. When one of the blast furnaces exploded, the detection and extinguishing equipment failed, resulting in massive damage (which is not specified in the document).
The case of Germany is not the first case of a computer attack that resulted in physical damage. Another earlier example is that of Stuxnet, a spy malware that reconfigures industrial systems. It was used by the United States and Israel against Iran at the end of 2007 and the beginning of 2008. They used it to sabotage the centrifuges at a uranium-enrichment plant.
The malware was not discovered until a couple of years later, in 2010. Since then, experts have been warning that something similar could happen again, and perhaps with worse consequences.
Major vulnerabilities have been detected in the equipment and systems that manage not only corporate and industrial facilities but also those that control the power supply of a town, water treatment plants and even hospitals and government offices.
However, there is some doubt about the veracity of the attack on the German steel mill. The report that attests it, compiled by Germany’s Federal Office for Security Information, says that the cyber-criminals accessed the steel mill’s network and from there, they took control of production and the equipment.
According to the report, the event could have been triggered in two ways: either through an email message carrying hidden malware or a downloaded file that allowed the malware to install itself on a computer. Once it had reached one computer, it was able to spread across the company’s network.
The German office’s report does not refer to the name of the company, when the first attack took place, how long it took for the explosion to occur or if the fire was actually part of the cyber-criminals’ plan. Although the last question shows that, intentionally or not, cyber-criminals can cause significant physical damage.
The experts who reported the findings say that the probability of this type of cyber-attack happening again is increasing and, therefore, measures should be taken to prevent them.
One of them is to separate management and administration networks from those that control production and machinery. In this way, cyber-criminals will not be able to reach the latter via the Internet.
They also warn that a system is only isolated when it is not connected to a computer with an Internet connection. Many companies believe that it is enough to use a firewall as a barrier between the two areas, but it could be incorrectly configured or have security flaws that make it vulnerable.
Everything suggests that more effort should be made not to leave any weak spots. Not only is valuable corporate information at risk of being disclosed, but a cyber-attack could have physical consequences as serious as they are unpredictable.