In 2017, a Middle Eastern petrochemical facility had the unfortunate distinction of being the first known victim of malware specifically targeted at process safety systems. Thanks to this malicious software named TRITON, the oil and gas industry became ground zero for the convergence of SIS process safety and ICS cybersecurity. Suddenly, the relatively obscure world of process safety systems, which had never seriously been considered a cyber vulnerability, was in the spotlight.
This malware is thought to have come from the Russian government – it can cause catastrophic accidents and it is spreading around the world.
The hackers appear to have been inside the petrochemical company’s corporate IT network since 2014. From there, they eventually found a way into the plant’s own network, most likely through a hole in a poorly configured digital firewall that was supposed to stop unauthorized access. They then got into an engineering workstation, either by exploiting an unpatched flaw in its Windows code or by intercepting an employee’s login credentials.
Since the workstation communicated with the plant’s safety instrumented systems, the hackers were able to learn the make and model of the systems’ hardware controllers, as well as the versions of their firmware—software that’s embedded in a device’s memory and governs how it communicates with other things.
The hackers then acquired the same Schneider machine that was in use at the plant, which allowed them to mimic the communications protocols of the industrial control systems. They had pretty much total control, allowing them to cause the plant to explode or do virtually anything else they wanted to achieve.
We have covered other instances of cyberattackers attacking the physical world. In the U.S., one of the most recent issues was when Iranian hackers attacked a dam in Rye, New York, potentially causing loss of life.
Users clicking on emails and other correspondence are the most common way to get into a computer system.
Both of these need to be done, as well as consulting with cybersecurity experts who can audit and document systems to ensure they are as secure as possible.
Regulators are getting much tougher and hackers are getting smarter and far better. In most businesses, a cyberattack won’t cause loss of life but instead loss of confidential data and customer databases, and potentially huge fines and lawsuits.
Every company, regardless of size, is a target, and the time to take action is always before a major breach takes place.