Seems far-fetched, but it is not.
Of course, it is expensive. It took Stephen Hilt almost two weeks and $400. Of course that is the “quantity one” price. With a little work and volume, the price would go down.
Dark Reading is reporting that Stephen, who works for the industrial control security firm Digital Bond, took a normal factory automation controller case, added a few off-the-shelf components like a Raspberry Pi CPU and a DroneCell cellular modem, added a dash of Metasploit-like software and VOILA!, the factory is toast.
The DroneCell card allowed Stephen to bypass the air gap; the software allowed him to issue a stop command to every controller on the network, and the factory or power plant comes to a complete halt. Now all he has to do is send a text message to his cell card to start things off.
All inside the case of an Allen-Bradley PLC controller.
Next he would need to pay off some disgruntled maintenance person at the plant to install it. That might cost him another hundred bucks. Or, if that person is really disgruntled, he might do it for free. He could get a job with a contractor that maintains the plant and get PAID to install his attack tool.
Given the state of (lack of) controls at most factories or utilities, if the very normal-looking box was stuck in an out-of-the-way place, it might take a while to find it. IF they even think to look for a rogue controller. Shut down the plant every week or two at random times and watch them scratch their heads.
Stephen does give credit where credit is due. The idea came from a similar but different effort by DARPA and the Department of Energy’s Idaho National Laboratory, which built a hacking tool inside a power strip.