Cyberattack On German Steel Factory Causes 'Massive Damage'

An anonymous reader writes: In a rare case of an online security breach causing real-world destruction, a German steel factory has been severely damaged after its networks were compromised. "The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory's office networks, from which access to production networks was gained. ... After the system was compromised, individual components or even entire systems started to fail frequently. Due to these failures, one of the plant's blast furnaces could not be shut down in a controlled manner, which resulted in 'massive damage to plant,' the BSI said, describing the technical skills of the attacker as 'very advanced.'" The full report (PDF) is available in German.

yeah right

"sophisticated social engineering techniques"

So they got some pizza delivery before this all started.

What took them so long?

[Archtech]

About 20 years ago I used to lecture on the topic of computer security. Taking my cue from UK government experts whom I had met back in the 1980s, I used to point out that the only secure computer system is one that cannot be accessed by any human being. Indeed, I recall one expert who used to start his talks by picking up a brick and handing it round, before commenting, "That is our idea of a truly secure IT system. Admittedly it doesn't do very much, but no one is going to sabotage it or get secret information out of it".

I still have my slides from the 1990s, and one of the points I always stressed while summing up was, "Black hats could do a LOT more harm than they have so far". To my mind, the question was why that hadn't happened. The obvious reason was motive: why would anyone make considerable efforts, and presumably put themselves at risk of justice or revenge, unless there was something important to gain?

Stuxnet was the first highly visible case of large-scale industrial sabotage, and I think everyone agrees it was politically motivated - an attack by one state on another, and as such an act of war (or very close to one). This looks similar, and apparently used somewhat similar methods.

The article tells us that "...hackers managed to access production networks..." The question is, why was this allowed? If "production networks" cannot be rendered totally secure, they should not exist. Moreover, if they do exist they should be wholly insulated from the Internet and the baleful influence of "social networks" and the people who use them.

Maybe not the only one

[WoOS]

Googling for "steel furnance shutdown" finds more reports on unexpected shutdowns this year.
Two in Ashland, Ky, and one or two somewhere in Indiana and one in Bhopal, India. Note that they all seem to have occured in June/July.

Maybe some competitor trying to up his margin by reducing supply?

Re:Fundamental failure of process design

[drinkypoo]

What kind of a plant is designed in a way that a full failure of their control system would result in being unable to shutdown in a controlled manner.

Pretty much all of them. At best, you can lose a batch of something if the process fails in the middle. If Sunsweet loses power in the middle of cooking a batch of fruit paste, the batch not only fails and has to be trashed but cleaning the system is far more difficult than if the batch succeeds. At the point where factories become complex enough to need digital automation, you cannot reasonably create a failsafe mechanism which will prevent an error from losing a batch. The best you can hope for in some situations, probably most, is to create mechanical interlocks which will prevent immediately catastrophic combinations of inputs and outputs.

Re:No big red button?

[burni2]

blast furnace:

You intermix iron ore and coke (not the drug! it's processed coal)
and then you start an exothermic reaction, what you then do is process control, you blow in Oxygene to react carbon to CO2 to a certain percentage and when the steel is ready you poke a hole into the furnace and then molten steel poures out.

This is a reaction that is ongoing.

We are talking here about huge amounts of energy.

A smaller example: ever been test running inside a wind turbine of +1,5MW megawatt class, during nominal power operation ?

Push the red button and you will realize what energy is - rollercoaster ride - and how long the rotor will need to come to a full stop.

Bigger Bigger example, push the red button in a nuclear power plant, yes the control rods will react, but if you don't cool the heat from radiactive decay away, you will get a Fukushima.

I hope you are not a pro nuke, because keeping that in mind (the virtually non 100% hardware red button) you would now have ruled operators of nuclear power plants as stupid that it borders on criminal.

Also there were hardware level overrides and they worked, however if you leave the molten mass inside the furance it will solidify == damaged beyond repair

Which happend there, you have then to rebuild the furnace and beforehand have to cut the wrecked furnace open with a many ton heavy steel clump (happy cutting)

Re:Fundamental failure of process design

[140Mandak262Jamuna]

Where is the big-arse power switch?

It is a bloody blast furnace. They could hold anywhere between 20 and 120 tons of liquid molten iron. They are designed to hold that much of liquid metal continuously for five to 10 years. They keep adding raw materials, keep pouring batches and batches of it out. But it always 50% to 100% full of liquid metal. Once in 10 years, they drain, and essentially dismantle the lining of the furnace, and relay the refractory bricks. A three to six month process typically. I don't know the details, I am sure they have a safety pit lined with refractory bricks to drain the furnace in an emergency, like earthquakes, floods or factory fire. It is possible that process was triggered in this instance.