An unnamed critical infrastructure facility was recently targeted by hackers who appear close to developing the ability to shut down operations, according to a report from cybersecurity firm FireEye.
The hackers — who some speculate may have been operating on behalf of a nation — used a piece of malware known as Triton to infiltrate the system. The attack marks the first known infiltration of an industrial facility’s safety systems, demonstrating the risks that connected infrastructures pose.
The hackers attacked a workstation running safety software that’s meant to be able to shut down operations when a problem arises. The workstation, running Schneider Electric’s Triconex Safety Instrumented System, was specifically targeted using a customized piece of malware written to compromise the company’s technology system. Attackers had apparently come close to developing the ability to remotely shut down the facility, or even cause physical damage by preventing safety mechanisms from functioning as designed, which could prevent operations from halting in dangerous conditions.
This attempted hack is just the latest in a long string of attempts to compromise infrastructure facilities that have been connected to the internet in order to add greater control and flexibility. The Stuxnet malware targeted Iran’s nuclear enrichment facilities in 2010, for example, while another hack, also suspected to originate with a nation-state, crippled much of Ukraine’s electrical grid in late 2015. Additionally, Symantec reported that electrical systems in the US, Switzerland, and Turkey were compromised by the Dragonfly 2.0 hacker group.
The potential for hacks is a risk that accompanies connecting infrastructure or facilities to the internet, but attitudes at companies could exacerbate this issue. Network and security professionals are willing to tolerate medium, or even high, levels of security risk stemming from their IoT deployments as long as they are in compliance with any regulatory requirements, according to a survey from ForeScout and Forrester Consulting.
However, as these recent and increasingly sophisticated hacks demonstrate, the bare minimum clearly isn’t cutting it. Companies with critical infrastructure connected through IoT devices need to step up monitoring of their systems in order to ensure that malware doesn’t infiltrate them. This means allocating additional budget for monitoring and audits, while taking measured steps to add connected devices to workflows without posing additional risks to security.