Cyberattack On German Steel Factory Causes 'Massive Damage'
An anonymous reader writes: In a rare case of an online security breach causing real-world destruction, a German steel factory has been severely damaged after its networks were compromised. "The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory's office networks, from which access to production networks was gained. ... After the system was compromised, individual components or even entire systems started to fail frequently. Due to these failures, one of the plant's blast furnaces could not be shut down in a controlled manner, which resulted in 'massive damage to plant,' the BSI said, describing the technical skills of the attacker as 'very advanced.'" The full report (PDF) is available in German.
I'd rather not call the average attack "very advanced". I'd rather call the average security situation in the average company "very crappy".
And I have little reason to assume this is different.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Googling for "steel furnance shutdown" finds more reports on unexpected shutdowns this year.
Two in Ashland, Ky, and one or two somewhere in Indiana and one in Bhopal, India. Note that they all seem to have occurred in June/July.
Maybe some competitor trying to up his margin by reducing supply?
Safety includes property as well as people.
When my employer was designing a land mine detector for the US government (which used a partially automatic hydraulic mount), we were explicitly required to consider and address the risks of damage to people, the system, and third-party objects/property in our safety analyses. Even in case of system faults, it was crystal clear that we were expected to avoid, or failing that minimize, collateral damage.
Of course, that didn't stop drivers from using the system to push things around, probably doing damage to both the sensors and whatever they were pushing. We didn't have input into that control process...
Sure. But software shouldn't be able to make hardware damage itself.
Also, designing something like a steelworks without some kind of hardware-level override is so stupid it borders on criminal.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
What people fail to account for is someone willing to spend $1B to break a $1M machine. This type of insanity is ignored. But, if someone did want to break your toy, you couldn't stop them.
Step 1, they buy your $1M machine (duplicate from the manufacturer). They use it. They find the USB port. They determine the exact signature sent by it.
Step 2. They make USB drives with firmware that looks for that signature and sends different drivers if detected. So the USB drive will serve good drivers and work properly when put in a computer to load the files on. But when you put it in the industrial machine, it will not share the files, but serve up the custom-built virus.
Step 3. Go to the plant you want to break as a visitor. Drop 10 of the USB drives (all in different colors, styles and sizes, so nobody thinks they are 10 of the same thing). Someone will grab one from the Lost and found when needed. Drop a few in the parking lot. If you are really spending $1B, then sell them to them at a good deal, as anyone using USB for a critical function will be buying USB drives often. Sell them in the stores near where the workers live.
Then wait. Someone will plug your trojan horse into the right gear eventually. Unless they manufacture their own USB drives, they will be vulnerable to this attack.
Security only exists to deter. It can never be both secure and usable.
Learn to love Alaska