At the end of 2014, the German Federal Office for Information Security (BSI) released a report describing a disruptive cyber attack at an unnamed steel plant. The attack – which was carried out through a combination of social engineering tactics and malicious code – compromised several of the steelworks' industrial control components. From there, equipment disruptions and production interruptions occurred, which resulted in extensive destruction of property.
This attack has become known as one of the first cyber incidents that resulted in significant physical damage, which shows the extensive losses that such incidents can cause. In retrospect, there are various cybersecurity lessons that organizations can learn by examining the details of this incident, its impact and the mistakes that the facility made along the way. Here's what your organization needs to know.
Details of the steelworks' cyber attack
BSI's report from 2014 explained that a large-scale cyber attack occurred at an unnamed steel mill in Germany earlier that year. The attack originated with cybercriminals who used a series of social engineering techniques – namely spear phishing emails – to manipulate some of the facility's employees into revealing their security information. By pretending to be a reliable source within the facility, the cybercriminals successfully tricked several employees into opening fraudulent emails. Opening the emails triggered the launch of a malicious program that extracted the employees' usernames and passwords.
The cybercriminals then gained access to the steelworks' office network and production system using these stolen credentials. As they infiltrated the plant's operational technology, they began to target specific industrial control components and disrupt the functions of certain machines and equipment – contributing to manufacturing failures. In particular, a blast furnace at the plant could not be switched off properly. This improper shutdown proved to be harmful to the furnace and caused significant physical damage to the plant.
The perpetrators of this incident are still at large, and their true motivation for the attack is still unknown. However, BSI's report confirmed that these cybercriminals had an abundance of technical knowledge – both in traditional IT systems and the steelworks' specialized, industry-specific technology. As such, cybersecurity experts have suggested that the perpetrators may have previously worked in the steel industry or belonged to an advanced group of cybercriminals.
The effect of the steelworks' cyber attack
Since the name of the steelworks facility and specific information about its operations were never shared, the full effect of this cyber attack cannot be determined.
Even so, the plant probably faced the following consequences from the incident.
BSI's report explained that the improper shutdown of the blast furnace led to "massive" property damage at the steelworks plant. Fortunately, no employees or members of the public were harmed by the incident. Given that a blast furnace usually holds molten metal heated to extreme temperatures, it can be concluded that any malfunctions or degradations of this equipment contributed to serious physical destruction – which affected both the furnace itself and property nearby. Affected property may include additional machinery, equipment and structural elements in the facility (e.g., walls, floors and pipes).
As a result of the physical damage from the cyber attack, the steelworks facility undoubtedly incurred large recovery costs. Although the full list of plant components, special equipment and production systems affected by the incident is unclear, repairing a blast furnace usually costs millions of dollars – enough to wreak havoc on any organization.
In addition to the physical destruction, the cybercriminals disrupted the steelworks' operational technology and undoubtedly caused subsequent large-scale production interruptions. After all, the plant essentially lost control of its production operations throughout the attack. Even after the attack ended, the plant probably experienced delays while restoring compromised components and trying to resume normal operation.
Lessons from the steelworks' cyber attack
There are several cybersecurity takeaways from the attack at the steel mill. In particular, the event emphasized these critical lessons:
Employees are an important line of defense.
If the steel plant's staff had known not to open the cybercriminals' emails, this incident could probably have been prevented altogether. With this in mind, it is important for all employees to receive adequate training on cybersecurity in the workplace. Knowing how to detect and respond to potential cyber threats – such as phishing – can help employees stop cybercriminals in their tracks. Specifically, employees should be trained on the following security best practices:
- Avoid opening or replying to emails from unknown individuals or organizations. If an email claims to be from a trusted source, verify their identity by double-checking the address.
- Never click on suspicious links or pop-ups, whether they are in an email or on a website. Do not download attachments or programs from unknown sources or sites.
- Use unique, complex passwords for all workplace accounts. Never share credentials or other sensitive information online.
- Only browse secure websites on workplace devices. Refrain from using these devices for personal browsing.
- Contact a manager or the IT department if suspicious activity occurs.
Effective security software is crucial.
In addition to training employees, a wide range of security software could have helped the steelworks plant detect, mitigate and possibly prevent this attack. While this software may seem like an expensive investment, it is well worth it to avoid devastating cyber incidents. Security software that you should consider includes network monitoring systems, antivirus software, endpoint detection products and patch management tools. This software should be used on all technical components in the workplace and updated regularly to ensure its effectiveness. It is also valuable to perform routine penetration tests to determine whether this software has any security gaps or ongoing vulnerabilities. If such tests reveal any problems, these issues should be addressed immediately.
within their cyber risk assessments. But this attack showed that such exposures should not be ignored. When assessing your organization's cyber risks, it is important to consider whether any physical elements of its operations may be vulnerable and to put in place effective loss control measures to minimize these concerns. Furthermore, the potential for physical harm should be carefully examined when your organization describes different attack scenarios and mitigation protocols in its incident response plan. It is best to map how workplace technology is linked to physical processes or components within the organization to detect these exposures.
Proper coverage can offer the ultimate protection.
Finally, this attack made it clear that no organization is immune to cyber-related losses – both digital and physical. Therefore, it is crucial to ensure adequate protection against all forms of cyber-related losses by securing proper coverage. Make sure your organization works with a reliable insurance professional when navigating these coverage decisions.
We can help you.
In the unfortunate event that your company falls victim to a cyber attack of any kind, we can help you recover.
Cyber and data breach insurance evolves daily as new threats emerge and new insurance companies enter the market.
No matter what type of business you run, one thing is for sure: if you are a company in operation today, you face cyber risks. That means you need to thoroughly understand your risk of loss, how you would react if a loss occurred and whether Cyber & Data Breach Liability coverage makes sense for you.
The coverage level your company needs is based on your individual business and may vary depending on your range of exposures. It is important to work with an insurance advisor who can identify your risk areas and tailor a policy that suits your unique situation.
If you want additional information and resources, we will help you analyze your needs and make the right coverage choices to protect your business from unnecessary risks. You can download a free copy of our e-book, or, if you are ready to make Cyber Liability Insurance part of your insurance portfolio, request a proposal and we will get to work for you.