Outwardly, everything seemed normal. But deep inside the digital walls of the petrochemical plant, hackers were quietly infiltrating its online system after breaching firewalls, cracking the safety code and then wandering into virtual networks to explore which to shut down.
After some probing, they plugged into a lever and overrode safety valves, triggering calamitous gas leaks that led to an explosion, destroying the plant and disrupting supplies to townships.
This has not happened yet–but, in one known case, it got close. What stopped it wasn’t a safety mechanism, but an error code.
According to a study of this case, hackers had intended to release a malicious software that would allow them to hijack control of the plant’s safety systems, which acts as a stopgap to any dangerous malfunction by shutting down valves, among other things. Investigators later found that it wasn’t the safety valve that had kicked in, but a flaw in the code deployed by the hackers kept tripping the system, prompting an investigation into the cause.
This is the first known attempted cyber attack on an industrial facility with intended far-reaching consequences. Its discovery sparked a dark realization of the extent that hackers can go, as well as how the Internet of Things (IoT) has expanded the attack surface of Industrial Control Systems (ICS).
The world of ICS, much like the networks that control large and often critical infrastructure such as the petrochemical plant in the earlier example, has vulnerabilities. In order to secure ICS facilities, we need to understand the risks and how to plug the weak links.
Investigators of the cyber hack in the plant discovered that the hackers had been lurking within the system for years, likely infiltrating a weak firewall and then exploring the network, searching for vulnerabilities. There are several ways this can happen.
First, the increasing use of IoT has now seen much more convergence of information technology (IT)–which deals with data management and exchange of all forms of electronic data–and operational technology (OT)–that enables you to monitor and control devices and processes within an industrial organization. While this connectivity enables remote monitoring and operation of equipment to enhance efficiency, it also gives hackers more surface area for cyber attacks as traditionally closed-off OT systems are no longer isolated. Therefore, a cyber attack on the internet-connected combined IT–OT system, especially if it is part of a critical national infrastructure, can potentially have a major impact on national security.
Second, the hackers could infiltrate the environment through various tactics that exploit vulnerabilities, such as weak passwords, unpatched systems, lax firewall rules, weak wireless communication tools and insufficient network safeguards. Exploiting these vulnerabilities could result in loss of production and significant property damage.
Third, humans are among the weakest links in this cyber fight, presenting a vulnerability with the highest potential to cause irreversible damage. Untrained employees may be unaware of actions that could lead to cyber security breaches, be it connecting to a malicious device, allowing a third party to access systems without following necessary policies and procedures. These practices make a hacker’s life much simpler.
According to a FM Global Cyber Loss report, losses from such attacks extended beyond the destruction and distortion of data to interruptions of network-dependent business and the shutting down of production operations. Statistics show the dramatic upward trend of loss frequency over the years. In 2017, only two versions of malware caused most losses, whereas in 2019 losses came from a far greater variety of sources, confirming that the number of threats is increasing.
To mitigate such losses, businesses should implement a pragmatic approach for identifying risks and potential business loss consequences. This will allow businesses to build a clear understanding of their overall systems, the connectivity of their devices, the interdependencies and allow them to identify vulnerabilities that can cause serious consequences and business disruption if exploited by threat actors.
A mindset change is also necessary. Instead of looking at cyber threat as a low risk, board members and C-suite executives should understand this as a potentially severe risk. Without a strong management commitment to ICS, well-intentioned programs can be eroded by pressure to maximize production, neglecting the importance of risk control. A strong management commitment ensures that the necessary attention, resources and capabilities are allocated to ensure that ICS infrastructure is resilient against cyber attacks.
In short, the need for efficiency, remote access to and visibility of production environments has led to ICS systems becoming digitally connected which, in turn, expands the cyber attack surface, making them more vulnerable. Most of the security of these production networks have not kept pace with the evolving threats. Cyber attackers are determined, so business leaders never know who is lurking at your gate. The sooner business leaders implement a cyber-safety first culture, the more resilient their business will be.
As originally published in CPO Magazine.
FM Global's Cyber Risk Assessment Awarded: Wins Cyber Security Product of the Year Award from Continuity Insurance & Risk Magazine
Cyber Exposure in High-Hazard Industries: Discover key considerations to cyber security in power gen and chemical facilities (video)
Mitigating Physical Losses From Cyber Attacks: Damage caused by modern attacks hits harder than a traditional data breach