Safety systems used to prevent industrial accidents are being targeted by this latest piece of malware. While it did not originate in the United States, it has targeted North American companies.
Initially discovered in Saudi Arabia in the summer of 2017 at a petrochemical plant, the code was able to manipulate the plant's safety systems from a remote location. The code was found on a physical safety controller, which is considered the last safeguard in case of a catastrophic event. These controllers act when the safety of the plant is in jeopardy, either mitigating the issue or shutting down equipment to prevent it from escalating. A compromised controller could be told not to intervene when an issue arises, potentially causing damage to property and loss of life.
In a worst-case scenario, the rogue code could have led to the release of toxic hydrogen sulfide gas or caused explosions, putting lives at risk both at the facility and in the surrounding area.
- MIT Technology Review
This is a frightening thought to consider
If infrastructure can be compromised, which is a very real possibility given the malicious nature of this code, then the very safety systems designed to protect us could fail.
Seriously, I'm not all about the conspiracy theory, foil cap, aliens running the world kind of movement... BUT, this is a very dangerous prospect that is proven to exist. While this was a petrochemical plant, and not a major infrastructure player like the power grid or water system, the potential to cause real harm is nonetheless the same.
This has happened before, only it was an accident then:
The world’s worst industrial disaster to date also involved a leak of poisonous gases. In December 1984 a Union Carbide pesticide plant in Bhopal, India, released a vast cloud of toxic fumes, killing thousands and causing severe injuries to many more. The cause that time was poor maintenance and human error. But malfunctioning and inoperable safety systems at the plant meant that its last line of defense failed.
- MIT Technology Review
The solution to the digital attack front is simple, but hard
If these systems can be compromised through external access, the simple solution would be to remove that external access. Unfortunately, something as simple as "unplugging" isn't as viable as it sounds.
- Unplugging means no internet connectivity at the site, including support facilities.
- Unplugging means no devices allowed on premises, including cellphones, tablets, laptops, mp3 players, USB drives, flash drives, smart watches... The list goes on.
- Unplugging means no use of modern technology. Since you are unplugged, you would need to rely on stable, proprietary, likely antiquated technology.
- Unplugging means no use of modern security systems. Most modern security tooling requires some form of internet access to work; where it doesn't, it depends on another computer that does.
- Unplugging means any and all third-party updates would have to be done in a sandbox environment, with little access to support resources to revert if things go wrong.
- Unplugging means any and all sensors used to track the security, safety, or well-being of devices would be useless. Notification systems such as email would be moot, given the lack of internet access.
The list can keep going, and if you go down the rabbit hole, it gets deep quickly. This may have been the first successful case of malware being used to endanger the public so directly, but more of the same is all but inevitable. The only thing to do is remain vigilant, and hope that the security team stays one step ahead of the hacking team.