BBC and others are reporting that a German steel mill was hacked. The report came not from the news media or the mill, but rather the German Federal Office for Information Security (BSI).
As a result, not a lot of details are known, but the posting are new, so perhaps more information will come out in time.
Apparently, the hackers started out the usual way – spear phishing attacks on the business network. Once in, they used that access to get access to the factory floor network.
Using that access, they were apparently able to take over a blast furnace used for melting steel and stop the plant from shutting the furnace down in a normal fashion, causing “massive” damage. Exactly what that means is unclear, but it was apparently significant effort for the BSI to report on it.
What are the take aways from this little bit of information that we have –
1. There apparently was not enough separation between the factory floor network and the business network.
2. There apparently were not enough safeguards in the factory control system to retake control of the physical factory after hackers got into the network.
3. Possibly, there was not an adequate incident response plan to deal with a situation like this.
4. Cyber attacks can cause “massive” physical damage.
2015 looks to be an interesting year.