Industrial Control Systems: Outdated, Hackable, and in Need of an Upgrade
In early June, Japanese automaker Honda was victimized by a cyber-attack that penetrated its computer networks and forced the company to halt production at factories all around the world.
The attack, which deployed a ransomware strain known as EKANS, also left employees unable to access emails or internal servers. Infections like EKANS are specifically programmed to attack factories’ industrial control systems (ICS), and have previously been used in attacks against a variety of industrial facilities like factories, power plants, utility companies and others.
These kinds of attacks against industrial control systems have the potential to cause catastrophic damage in a very short period of time by targeting critical infrastructure and are a constant threat, as a 2019 report from Russia-based cybersecurity firm Kaspersky Labs indicates that 42.7% of the American ICS computers that used their software last year were attacked by malware, email phishing, or other threats.
Hackers have the ability to completely shut down production of a global behemoth and demand huge payments in return for a return to normalcy. What would Hershey or Nestle do if their global computer system was turned offline until $10 million was wired into an electronic wallet?
Some of the more notable examples of previous attacks targeting Industrial Control Systems are:
March 2000: An attack in Queensland, Australia targeted the Maroochy Shire Council’s wastewater system. The attack specifically inhibited the communications sent by radio frequency (RF) to wastewater pumping stations.
The pumps failed to work correctly, and the alarms that were designed to notify system engineers of problems in the system did not activate as expected. After monitoring the signals passing through the system, It was eventually discovered that someone had breached the system and was interfering with the alarms.
After an investigation, the attacker was located and on April 23rd of 2001 the police discovered that the attacker, Vitek Boden, possessed a laptop and specialized Supervisory Control and Data Acquisition (SCADA) equipment which he had used to attack the Maroochy Water’s system.
Boden used the laptop and a radio transmitter to control as many as 150 sewage pumping stations. Over about a 90-day period, Boden released millions of gallons of untreated sewage into local parks and waterways.
In 2010, the attack that many experts describe as the first shot fired in the age of cyberwarfare, the “Stuxnet Attack” infected and damaged the industrial control systems of about one-fifth of the nuclear centrifuges in Iran.
In a testimony to the US Senate Homeland Security Committee, Dean Turner, an executive from cybersecurity firm Symantec, testified that the Stuxnet malware was a wake-up call to critical infrastructure systems around the world, as Stuxnet was believed to be the first known example of written code specifically designed to target Industrial Control Systems and grant hackers control of specific systems.
Part of what made Stuxnet so dangerous was its ability to self-replicate and spread throughout multiple systems.
On December 23, 2015, a major hack cut electricity to nearly a quarter-million Ukrainians. This attack is widely regarded as the first known successful cyber-attack against a country’s power grid.
The attack targeted an electric utility company located in western Ukraine and impacted a sizable area which included the regional capital of Ivano-Frankivsk.
Attackers cut the power at 30 substations and left over 230,000 Ukrainians without electricity for six hours.
The company's SCADA equipment was disabled, and power was restored manually.
Subsequent investigation discovered that hackers facilitated the outage using BlackEnergy malware to exploit macros in Microsoft Excel documents. The company was originally targeted and infected via a tainted spear-phishing email.
Attacks against Industrial Control Systems have the devastating potential to poison our water supply, shut off the power in major cities, and meltdown nuclear power plants.
As the government’s focus continues to remain on the ongoing coronavirus pandemic and various issues related to social justice and domestic terrorism, security professionals in the private sector must remain as vigilant as ever to support American intelligence agencies and law enforcement efforts.
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by websites including The Hill, Real Clear Politics, Townhall and American Thinker.
Edited by Pranshu Gupta, Calvin Ma & Alexander Fleiss