German Steelworks Physically Damaged By Cyber Attack

The real life danger posed to industrial infrastructure by cyber attacks has been revealed in a new report.

The annual report of the German Federal Office for Information Security (BSI) detailed how a steelworks in Germany was badly damaged physically by a cyber attack.

Massive Damage

It said that a blast furnace at an unnamed German steel mill suffered “massive damage to machinery” following a cyber attack on the plant’s network.

The intrusion apparently destroyed parts of the control system at the steelworks, and the blast furnace was not regulated properly and could not be shut down as normal.

The breach of the industrial control systems of the plant “resulted in an incident where a furnace could not be shut down in the regular way and the furnace was in an undefined condition which resulted in massive damage to the whole system,” according to the report.

The BSI report said the attackers were highly skilled and used a combination of targeted emails and social engineering techniques to infiltrate the plant. “Spear phishing” emails were reportedly aimed at particular individuals in the company to trick them into opening messages and reveal passwords and other sensitive data.

This stolen information was then used by the hackers to gain access to the plant’s office network and then its production systems.

Robert M. Lee, co-founder of security firm Dragos Security noted in a blog post, that the attackers were highly skilled.

“The report stresses that the attackers were not only skilled in Information Technology skills but also in ICS knowledge. The BSI state that technical analysis of the attack revealed that the adversaries were knowledgeable with control systems and of production processes,” wrote Lee.

Control System Risk

According to Lee, this is only the second time a reliable source has publicly confirmed physical damage to control systems as the result of a cyber-attack. He wrote that the first instance, the malware Stuxnet, caused damage to nearly 3,000 centrifuges in the Natanz facility in Iran.

But the potential risk to systems controlling critical infrastructure and industrial systems remains very real indeed.

Researchers have previously warned that security weaknesses in industrial control systems could allow hackers to create cataclysmic failures in infrastructure.

For example the United States has passed legislation that would protect its electricity grid from attacks. The GRID Act would direct the FERC (Federal Energy Regulatory Commission) to take measures to protect the electricity grid from telecommunications intrusions.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago