German Steelworks Physically Damaged By Cyber Attack

The real life danger posed to industrial infrastructure by cyber attacks has been revealed in a new report.

The annual report of the German Federal Office for Information Security (BSI) detailed how a steelworks in Germany was badly damaged physically by a cyber attack.

Massive Damage

It said that a blast furnace at an unnamed German steel mill suffered “massive damage to machinery” following a cyber attack on the plant’s network.

The intrusion apparently destroyed parts of the control system at the steelworks, and the blast furnace was not regulated properly and could not be shut down as normal.

The breach of the industrial control systems of the plant “resulted in an incident where a furnace could not be shut down in the regular way and the furnace was in an undefined condition which resulted in massive damage to the whole system,” according to the report.

The BSI report said the attackers were highly skilled and used a combination of targeted emails and social engineering techniques to infiltrate the plant. “Spear phishing” emails were reportedly aimed at particular individuals in the company to trick them into opening messages and reveal passwords and other sensitive data.

This stolen information was then used by the hackers to gain access to the plant’s office network and then its production systems.

Robert M. Lee, co-founder of security firm Dragos Security noted in a blog post, that the attackers were highly skilled.

“The report stresses that the attackers were not only skilled in Information Technology skills but also in ICS knowledge. The BSI state that technical analysis of the attack revealed that the adversaries were knowledgeable with control systems and of production processes,” wrote Lee.

Control System Risk

According to Lee, this is only the second time a reliable source has publicly confirmed physical damage to control systems as the result of a cyber-attack. He wrote that the first instance, the malware Stuxnet, caused damage to nearly 3,000 centrifuges in the Natanz facility in Iran.

But the potential risk to systems controlling critical infrastructure and industrial systems remains very real indeed.

Researchers have previously warned that security weaknesses in industrial control systems could allow hackers to create cataclysmic failures in infrastructure.

For example the United States has passed legislation that would protect its electricity grid from attacks. The GRID Act would direct the FERC (Federal Energy Regulatory Commission) to take measures to protect the electricity grid from telecommunications intrusions.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Google Ordered To Pay $43m By Australian Court

Search engine Google fined $43 million by Australian court for tracking Android users location data…

3 days ago

Hacker Touts Data Sale Of 48.5m Users Of Covid App – Report

Personal data of 48.5 million Chinese citizens who used Shanghai's Covid App, is being offered…

3 days ago

Facebook Tests Default End-to-End Encryption For Messenger

Privacy move. Platform tests secure storage of people's chats on Messenger, in a move sure…

3 days ago

UK’s CMA Begins Probe Of Viasat Acquisition Of Inmarsat

British competition regulator the CMA, begins phase one investigation of $7.3 billion merger between Inmarsat…

3 days ago

Cisco Admits ‘Security Incident’ After Breach Of Corporate Network

Yanluowang ransomware hackers claim credit for compromise of Cisco's corporate network in May, while Cisco…

3 days ago

Google Seeks To Shame Apple Over RCS Refusal

Good luck convincing Tim. Google begins publicity campaign to pressure Aple into adopting the cross…

3 days ago