The New York Times reported this week on a hacking attempt at a petrochemical plant in Saudi Arabia last August that sought to physically sabotage the facilities and trigger an explosion. This represents a potentially alarming new trend in cyber attacks where the goal isn’t to steal information or gain control of a system, but rather to cause actual damage to people and property.
Utilizing hacking as a means of industrial sabotage isn’t necessarily new; the Stuxnet virus was deployed to specifically target Iran’s then-operational nuclear plants in order to destabilize its centrifuges. Neither is it unheard of to have cyberattacks cause potential physical harm; the plague of ransomware in the last couple of years spread to several hospitals and effectively shut their systems down, causing obvious potential risks for patients. That being the case, it can be argued that the goal of these hacks was disruption rather than out and out destruction.
The attack in Saudi Arabia apparently failed as a result of a bug in the hacker’s code which shut down the plant’s production systems. It’s likely that the hackers in question have had the time to correct their code and potentially target other similar plants and systems.
The potential for catastrophic consequences of this method of cyberattack should ideally present a wake-up call for governments and businesses alike to take the time to secure their infrastructures and use best practices for cyber hygiene.
More information can be found here.