Cybersecurity and plant safety
12 February 2015
Cybersecurity for process plant operators made it into the headlines at the end of 2014 following the announcement by the German Federal Office for Information Security (BSI) that a cyberattack on one of the country’s steelworks had caused “massive damage”, wrecking a blast furnace at the un-named plant. At the same time, security investigators said they now consider the explosion of a Turkish oil pipeline in 2008 to have been caused by cyber-sabotage
South Korea has also reported a number of attacks against its power utilities, most recently the discovery of malware at one of its nuclear plants in early January.
The BSI report explained that the attackers combined social engineering with a phishing campaign to gain access to the steel factory’s office network. Once the hackers infiltrated the network, they were able to tamper with the controls of a blast furnace.
After the system was compromised, individual components or even entire systems started to fail frequently. Due to these failures, one of the plant's blast furnaces could not be shut down in a controlled manner, which resulted in massive damage to the plant, the BSI said, describing the technical skills of the attackers as “very advanced”.
Industry observers say the perpetrators of the German steelworks attack were most likely Russian, although the BSI said their origin was not known. The cyberattack on the Turkish oil pipeline is also thought to have been carried out by Russians, and other attacks on process plant and power utilities have been sourced to China and North Korea.
The South Korean Defense Ministry said in January that the North Korean military's cyber army has boosted its numbers to 6,000 troops, double Seoul's estimate for the force in 2013, and is working to cause "physical and psychological paralysis" in the South.
The new figure, disclosed in a ministry white paper, comes after the United States, South Korea's key ally, imposed new sanctions on North Korea for a cyberattack on Sony Pictures Entertainment. Pyongyang has denied involvement in the attack.
Its long-term target may be telecoms and energy grids in rival nations, defectors from the isolated state said. In 2013, South Korea blamed the North for crippling cyber-attacks that froze the computer systems of its banks and broadcasters for days.
These incidents underline the vulnerability of process plant and will ensure that cyber security becomes a top concern for those responsible for plant safety, if it is not already.