Industrial control systems, often referred to as ICSs, are embedded cyber-devices that operate critical infrastructures (for example, energy, transportation, water). In a nutshell, they are computers that control the world around us.
For many years, malicious cyber-attackers have been targeting Industrial Control Systems (ICSs) that manage critical infrastructures. Most of these threats to ICSs are not well-known, and yet they are continually growing and becoming more complex.
Cyber-threats in ICSs manifest themselves in different ways, such as directed attacks, cyber-intrusion campaigns, malware, and cyber-threat groups. In this article, we are taking a look at some of the most prominent examples throughout history:
The first-ever cyber-threat happened in 1903 when Italian radio pioneer Guglielmo Marconi was preparing a public demonstration of his morse code radio system. Before he could even start, the presentation was interrupted by clicking sounds coming from his projector. It was the sound of Morse code, and the unexpected message was spelling out insults aimed at Marconi. The person behind this scientific vandalism was Nevil Maskelyne, an inventor, magician, and probably the first hacker in history!
One of the most infamous system breaches happened at Maroochy Water Services on Queensland's Sunshine Coast in Australia. In March 2000, the Maroochy Shire Council experienced problems with its new wastewater system. Communications sent by radio frequency (RF) signals to wastewater pumping stations failed. An engineer who was monitoring signals passing through the system discovered that someone was interfering with it and deliberately causing problems. The culprit was 49-year-old Vitek Boden, who used his laptop and specialized Supervisory Control and Data Acquisition (SCADA) equipment to control some 150 sewage pumping stations. Over a three-month period, he released millions of gallons of untreated sewage into waterways and local parks!
The year 2010 was the year of the world's first digital weapon - a highly sophisticated computer worm called Stuxnet. Developed by the American and Israeli governments, it was used on an Iranian nuclear facility called Natanz. Stuxnet targeted the computer system of the machines used to enrich uranium, known as centrifuges, and instructed them to spin out of control, eventually causing them to break apart.
In January 2014, Target was the “target” of a massive data breach in which hackers gained access to retail giant's POS systems using login credentials belonging to an HVAC company. The attackers installed malware on the system, capturing sensitive data of over 40 million consumers!
These are just some of the cyber-events the world has experienced thus far, which demonstrate the evolving technical capabilities of hackers and their willingness to cause physical damage. For critical infrastructure, developing the ability to detect and recover from a cyberattack is of the utmost importance.
Cyber threats are very real, and the necessary investments in cybersecurity should be made by the organizations and companies that operate or own these infrastructures. It is critical to analyze the weak points of systems and to seek proven solutions. If you want to learn more about Cybersecurity of Industrial Control Systems, feel free to get in touch.