Every cool beverage, glowing screen, or warm bed is brought to us by Industrial Automation and Control Systems (IACS). These marvelous transformative systems enable our economy and way of life; without these systems, we would find ourselves living in a far less desirable post-apocalyptic world.
The Importance of Cyberlearning
IACS requires connectivity, while connectivity supports innovation; connectivity also opens a system to new threats. As we have seen, with every connected device, there is a cyberlearning development curve. We have learned repeatedly the hard way that shipping a zero-defect secure connected device is remarkably challenging. IACS has more significant challenges than a typical connected device, as IACS by design requires orchestration between various connected devices to solve complex interactions, making decisions beyond superhuman speed. Security, mitigation, and resilience must be built-in to meet these demanding challenges.
Industrial Connected Devices Under Attack
A disgruntled job-seeking applicant in Australia using a network-based attack caused massive ecological damage by dumping more than 264,000 gallons of raw sewage in neighboring waterways. The infamous Stuxnet malware disrupted and damaged the Iranian nuclear weapons program. The unsuccessful Russian Triton malware targeted the Saudi Arabian petrochemical plant with the intent of causing massive physical damage and loss of life. The Russians have attacked the Ukrainian power grids with severe specialized malware targeting multiple classes of systems.
Industrial Automation Challenges
Attribution is a severe challenge of industrial automation control systems. Identifying a hardware failure from malicious actors may not be possible. If the Russian Triton attack had not failed, it’s unlikely investigators searching the rubble of a destroyed petrol plant could uncover any malware. An industrial automation system failure often leads to catastrophic outcomes.
Potential Loss of Life
China’s Wenzhou bullet trains failed communication systems resulted in collision and derailment, killing 40 people and injuring 190. Russia’s Sayano-Shushenskaya power station failed catastrophically, killing 75 people and destroying the station. The hydro turbine’s 920-ton rotor cover shot up, the rotor broke free from its seat, rising 9 feet. The San Bruno natural pipeline explosion killed eight people and leveled 35 homes. People would be disturbed to learn that catastrophic hardware, architectural, or maintenance failures can be spurred or faked with a cyberattack.