Let’s start by looking at the nature of the threat. For example:
2015 UKRAINE
A cyber attack on December 23 caused a power outage in
western Ukraine impacting 225,000 utilities customers. The
attackers remotely tripped breakers after installing malware,
thereby bringing down the power grid. They also clogged the
utility’s service center with spam calls to block genuine calls
from affected customers.
2013 NEW YORK
Iranian hackers infiltrated the operations center of the Bowman
Avenue Dam, a small flood control dam in New York, by means
of a broadband cellular modem that connected the dam to the
Internet. While the dam controls were not accessed, the facility
was apparently targeted by a wider network scan for industrial
control systems exposed to the Internet.
2010 IRAN
The Stuxnet computer worm penetrated an ICS at the Natanz
Iranian nuclear facility via a portable USB drive. It infected
the Siemens Simatic S7 programmable logic controllers that
managed the centrifuges used for fuel enrichment, speeding
them up until they self-destructed.
2005 UNITED STATES
A report for the Idaho National Laboratory (a US Department of
Energy National Laboratory) detailed 120 cyber security attacks
on US control systems1.
An incident report recently issued by a US government agency
tasked with tracking ICS security threats in the US noted the
trend from 2010-2015.
Nu
mb
er
o
frep
or
t
edi
nc
id
en
t
s
2010
39
2011
140
2012
197
2013
257
2014
245
2015
295
In the US and elsewhere, it is likely that many cyber attacks go
unreported, which would make the upward trend in security
incidents significantly steeper.
WHAT IS AN INDUSTRIAL CONTROL SYSTEM?
An industrial control system monitors and controls a set
of industrial equipment. You might find an ICS controlling
an electricity distribution network, a field of oil rigs,
refinery processing equipment, or a factory assembly line.
Data (meter readings, status reports) are sent from a
remote or local site to a control center where – by human
or automatic intervention - commands can be sent back to
change the operation of the physical equipment. As well
as being remotely monitored and controlled, operation can
be modified, turned on, or off.
1 R.J. Turk ‘Cyber Incidents involving Control Systems’ Document INL/EXT-05-00671
October 2005