View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 19, 2014

BSI admits cyber attack caused physical damage to iron plant

Will governments wake up to the increasing ‘cyber threat’ on critical installations?

By Vinod

In a rare instance of public admission by a government, the German federal agency Bundesamt für Sicherheit in der Informationstechnik (BSI) has accepted that a recent cyber attack has caused physical damage to an iron plant in the country.

Acknowledging the incident in a report called ‘the IT Security Situation in Germany in 2014,’ the agency said that the hackers gained access to the production network by targeting the iron plant’s office network through a very sophisticated spear phishing and social engineering method, as reported in The Wall Street Journal.

As the plant’s control systems were ‘compromised’, a furnace could not be shut down in the regular way and remained in an undefined condition, leading to catastrophic damage to the machinery.

The agency reported that failures became more frequent in the individual control components as well as the overall system, resulting in the blast furnace not being regulated properly.

The agency has refused to respond to a request for additional information about the company’s name or the extent of the damage.

The BIS, which prepares annual reports on the health of IT for the German government, including critical infrastructure, has tied a cyber action to actual physical destruction for the first time.

Writing about the German incident Michael Assante, industrial control systems lead for SANS Institute, a cybersecurity research and education organization said: "I know of seven other incidents that have claimed to have had a cyber-to-physical or significant process effect and a few near misses that were caught in time."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Commenting on the situation Robert M. Lee, a co-founder at industrial control systems security firm Dragos Security LLC said: "The industrial control systems community is very secretive for legal and compliance reasons."

"We’re absolutely reaching a point where it’s becoming more normal and expected to talk about these things rather than run from them."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.