From “The Interview” to “Blackhat” cyber-attacks are evolving
photo credit: defense-update.com
I watched “The Interview” starring Seth Rogen and James Franco recently. As expected, it was pure farce. Not my cup of tea really, but the extreme reactions to the movie highlight how satire has gone far beyond simple entertainment and has moved into the realm of harsh reality. The horrific terrorist attack on a satirical magazine in France earlier this month has shown us all just how serious satire has become in today’s volatile world.
photo credit: imdb.com
When Sony Pictures Entertainment was hacked in November of 2014, the perpetrators reportedly called themselves the “Guardians of Peace” and apparently demanded that Sony cancel the planned December 25, 2014 release of “The Interview.” Many believed that North Korea sponsored the attack to demonstrate their outrage over the content of the movie, but the North Korean government has denied any involvement.
Regardless of who was responsible for the Sony hack, no one was killed or physically injured, unlike in France. No real property was damaged, as the Sony incident was limited to the digital world. This sort of limitation seems to be disappearing as cyber-terrorists are starting to cause actual physical damage in the real world.
photo credit: youtube.com
Sticking with the cinematic theme of this blog, the film “Blackhat” was released a few weeks ago, starring Chris Hemsworth, also known as “the hunk who played Thor,” to the ladies around my house. I haven’t seen it yet, but the storyline goes something along the lines of an infamous hacker, the Thor guy, being released from prison to help the authorities capture a mysterious cyber-criminal who is determined to blow up nuclear power plants, derail trains, take down power grids, and other atrocities that fill the big screen with the unbelievable graphics and computer animation moviegoers have come to expect these days.
Unfortunately, for all of us back in the real world, cyber-attacks on physical infrastructure have already begun, and many believe it is only a matter of time before they become lethal. In December 2014, a report issued by Germany’s Federal Office for Information Security claimed that cyber-terrorists hacked a steel mill in Germany. According to an article written by Kim Zetter in Wired, the report specified that the hackers were somehow able to manipulate control systems and that the plant was “unable to shut down a blast furnace in a regulated manner” which resulted in “massive damage to the system.”
photo credit: wired.com
Again, no one was hurt or killed in this incident, but the steel mill was physically damaged and one can safely assume that production was either stopped completely or delayed and that repairs were expensive.
The only other published account of a digital attack causing physical destruction of equipment was Stuxnet, the cyber weapon that U.S. and Israel operatives launched against control systems in Iran in 2007 or 2008 to sabotage centrifuges at a uranium enrichment plant. According to the Wired article, the Stuxnet “attack was discovered in 2010, and since then experts have warned that it was only a matter of time before other destructive attacks would occur.”
As we collectively learn more about cyber-terrorists and how to stop them, we all need to focus on closing the security gaps we have in our industrial control and business systems. Manufacturing plants, distribution facilities, transportation networks, electrical grids, water and sewage treatment plants, refineries, hospitals, banks, schools, office buildings, theaters, stadiums, and a myriad of other technology-dependent infrastructure sites could all be vulnerable to cyber-attacks.
With the harsh realities we now face in today’s turbulent world, the time is now to seriously address cyber security in the industrial context.
Dave Parrish is the Senior Global Marketing Director for the Industrial Machinery & Components (IM&C) industry at SAP. Based in Denver, he has been with SAP for 8 years. Prior to joining SAP, Dave spent 10 years working for the J.D. Edwards > PeopleSoft > Oracle corporate “mash-up” as well as QAD. Before joining the software industry, he spent over 15 years in the industrial manufacturing sector and earned a BS in Advertising from the University of Illinois in Champaign-Urbana, an MBA in Transportation Management from the University of Colorado in Boulder, and a Certification in Production and Inventory Management (CPIM) from APICS, a leading association for supply chain and operations management. When not working, Dave likes to listen to music, hike, bike, ski, paddle, and camp with his wife, son, daughter, and dogs.