Introduction
Amid all of the publicity and media attention surrounding the December cyberattack on Sony Pictures Entertainment, a cyber-intrusion at a German steel mill received comparatively scant notice. Unlike the Sony hack, however, it highlighted an important and disturbing trend in cyber warfare. Detailed in a German government report released in December, the hacking of the German steel mill signified the second confirmed instance in which a wholly digital attack resulted in the physical destruction of equipment. By initially gaining access to the plant’s business network, the intruders were able to make their way to the production network and access the controls of the plant’s equipment. They were able to control the system to such a degree that a blast furnace could not be properly shut down, resulting in “massive” damage.
According to Wired’s coverage of the incident, much information about the attack is not detailed in the report, including the name of the steel mill, exactly when it happened, and how long the hackers were in the network before the destruction occurred. The report does relay that the hackers apparently had advanced knowledge, not only of conventional IT security, but of the applied industrial controls and the mill’s production processes.
The incident highlights what becomes possible as physical, real-world systems are increasingly networked, from critical infrastructure networks like electric grids and water treatment systems to simple household and personal items in the growing Internet of Things (IoT).
Stuxnet
Stuxnet served as the very first instance in which a cyberattack resulted in physical damage to equipment controlled by a computer system. It was a joint U.S.-Israel project responsible for destroying approximately one-fifth of Iran’s nuclear centrifuges by causing them to spin out of control. A report by Business Insider provided further details, describing how the attack was more dangerous than previously thought. Initially deployed into Iran’s Natanz nuclear facility via a worker’s thumb drive, the worm (or malicious code) first scanned the network to provide an electronic blueprint of the plant. This provided an understanding of how the facility’s computers were used to control the centrifuges used to enrich uranium.
After mapping the network’s blueprint and understanding exactly how computers were controlling the centrifuges, the second phase of the attack took place. This involved subtly increasing the pressure on spinning centrifuges while showing the control room that everything appeared normal by replaying earlier recordings of the plant’s protection system values during the attack.
What resulted was a steady drop in the number of centrifuges enriching uranium gas at the Natanz facility. Production declined in 2009 from 4,920 centrifuges in June, to 4,592 in August, to 3,936 by November – a total drop of 984. Furthermore, although new machines were being installed, none of them were functional, as they were not being fed uranium gas.
The Future of Cyber Warfare
What the examples of the German steel mill and Stuxnet make clear is that security is paramount. No longer do cyberattacks threaten only the bits and bytes of data that make up financial information, health records and individual identities. Cyberattacks now clearly have the ability to affect physical objects. In a recent Pew Internet Study, respondents foresee a major cyberattack occurring by 2025 resulting in significant loss of life and financial damage. Security of infrastructure and physically networked equipment must become a primary concern, as everything from smart grids to smart homes stands to be affected.