Computing

A New Industrial Hack Highlights the Cyber Holes in Our Infrastructure

December 15, 2017


Freshly discovered malware called Triton can compromise safety systems that control many kinds of industrial processes.

For years, security experts have been warning that hackers can disable the systems that control critical infrastructure we all rely on, such as dams and power plants. Now researchers at Mandiant, part of the security firm FireEye, have revealed that a new form of malware, dubbed Triton, shut down operations at a critical-infrastructure facility in the Middle East that runs safety controllers made by Schneider Electric, a French company. The researchers say they have not attributed the hack to a particular attacker, but they do say it bore the hallmarks of a nation-state operation.

Triton targets a so-called safety instrumented system, or SIS: a dedicated controller that reads process sensors (pressure, temperature, level, and so on) independently of the regular control system and, when a reading crosses a preset safe limit, forces the process into a safe state, typically by shutting it down. An SIS is the last automated line of defense before a physical failure. An attacker who can rewrite its logic can let a process run at unsafe levels while the SIS believes everything is normal, and so cause physical damage or destruction rather than a mere outage.

In this case, the hackers compromised the engineering workstation used to program the SIS and pushed their own code to the safety controllers. Mandiant's investigators believe the intent was to cause physical damage to the plant. But their tampering tripped the controllers' built-in integrity checks, which responded the way an SIS is designed to respond to a fault: they failed safe and shut the industrial process down. That unplanned shutdown led managers at the facility to launch an investigation, which uncovered the breach.
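The two preceding paragraphs describe, in words, why a falsified SIS view is dangerous and why a botched tampering attempt shows up as an unexpected shutdown. The toy model below makes both outcomes concrete, and adds the cross-check a plant team can run to catch a spoofed SIS. It is an added example written for this page, not code from the article, from Mandiant, or from any controller vendor; the 2-out-of-3 voting scheme, the trip setpoint, the tag names and every reading are assumptions, and the "plausibility check" against the basic process control system is a generic technique, not something the article reports the facility had.

```python
"""Toy safety-instrumented-system (SIS) logic and what an attacker who controls
it can do.  Added example: setpoints, tag names, readings and the voting scheme
are all made up for illustration."""
from dataclasses import dataclass, replace

HIGH_HIGH_BAR = 50.0   # assumed trip setpoint: above this the vessel is unsafe


@dataclass(frozen=True)
class Sensor:
    name: str
    pressure_bar: float
    integrity_ok: bool = True   # False models a failed self-test / checksum


def vote_2oo3(values, limit):
    """Trip when at least two of three transmitters exceed the limit
    (2-out-of-3 voting is assumed here; the article does not describe it)."""
    return sum(v > limit for v in values) >= 2


def sis_decision(sensors, limit=HIGH_HIGH_BAR):
    """Return 'TRIP' (drive the process to its safe state) or 'RUN'.
    Loss of integrity on any channel fails safe, i.e. trips."""
    if any(not s.integrity_ok for s in sensors):
        return "TRIP"
    if vote_2oo3([s.pressure_bar for s in sensors], limit):
        return "TRIP"
    return "RUN"


def spoof_readings(sensors, fake_bar):
    """Attacker who controls the SIS logic overwrites every channel with a
    benign value.  Physical pressure is unchanged; only the SIS's view is."""
    return [replace(s, pressure_bar=fake_bar) for s in sensors]


def corrupt_channel(sensors, name):
    """Sloppy tampering that fails one channel's self-test, modelled as the
    integrity flag dropping on that channel."""
    return [replace(s, integrity_ok=False) if s.name == name else s
            for s in sensors]


def plausibility_check(sis_view, independent_view, tolerance_bar=5.0):
    """Cross-check what the SIS believes against independent transmitters
    (e.g. the basic process control system's).  Returns tags that disagree
    by more than the tolerance; a non-empty list is an alarm condition."""
    truth = {s.name: s.pressure_bar for s in independent_view}
    return [s.name for s in sis_view
            if abs(s.pressure_bar - truth[s.name]) > tolerance_bar]


# Constructed scenarios: the physical state as three independent transmitters see it.
PHYSICAL_NORMAL = [Sensor("PT-101", 30.0), Sensor("PT-102", 31.0), Sensor("PT-103", 29.0)]
PHYSICAL_OVERPRESSURE = [Sensor("PT-101", 55.0), Sensor("PT-102", 56.0), Sensor("PT-103", 54.0)]


def scenario_results():
    """Run four situations and return their outcomes keyed by name."""
    spoofed = spoof_readings(PHYSICAL_OVERPRESSURE, fake_bar=30.0)
    botched = corrupt_channel(PHYSICAL_NORMAL, "PT-102")
    return {
        # healthy SIS, process within limits: keeps running
        "honest_normal": sis_decision(PHYSICAL_NORMAL),
        # healthy SIS, real overpressure: trips as designed
        "honest_overpressure": sis_decision(PHYSICAL_OVERPRESSURE),
        # compromised SIS fed benign values while the vessel is overpressured:
        # it keeps the process running, which is the damage scenario
        "spoofed_overpressure": sis_decision(spoofed),
        # tampering that fails an integrity check: fail-safe shutdown,
        # the unplanned trip that exposed the intrusion in the article
        "botched_tampering": sis_decision(botched),
        # independent cross-check flags every spoofed channel
        "spoof_detected_on": plausibility_check(spoofed, PHYSICAL_OVERPRESSURE),
    }


if __name__ == "__main__":
    for name, outcome in scenario_results().items():
        print(f"{name:22s} -> {outcome}")
```

The design point is the third and fourth rows: the same attacker capability (writing SIS logic) yields either silent danger or a noisy shutdown depending only on whether the controller's own integrity checks are tripped. The fail-safe behaviour is what the plant wants, but it is not a detection control; the `plausibility_check` line shows the kind of independent comparison that would catch the spoof whether or not the attacker made a mistake.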

The latest incident follows others that have underlined the vulnerability to cyberattack of factories and critical infrastructure. In 2010, malware known as Stuxnet infected multiple sites in Iran, in one case destroying centrifuges at a uranium enrichment plant. Last year, an attack on Ukraine’s power grid using malware called Industroyer plunged a large chunk of the country’s capital, Kiev, into darkness (see “A Hack Used to Plunge Ukraine into Darkness Could Still Do Way More Damage”).

The growing threat of such attacks prompted the U.S. Computer Emergency Readiness Team (US-CERT), which is part of the Department of Homeland Security, to publish a strongly worded joint DHS and FBI alert in October about the risks to numerous sectors, from nuclear power to water and aviation. Some researchers say Triton has been active since September, so it is possible that its emergence was one of the things that triggered the US-CERT warning.

A study published earlier this year by MIT's Center for International Studies noted that the pressure to make older equipment in many power plants and other facilities compatible with next-generation Internet-connected hardware has made matters worse. Hooking legacy control systems up to networks they were never designed for exposes them to attackers who could not previously reach them (see "Patching the Electric Grid").

It could also leave companies vulnerable to huge lawsuits. “Triton underscores the need for factories and utilities to ... rethink their control and cyberdefense strategies,” said Creighton Magid, a lawyer at Dorsey & Whitney, in an e-mailed statement about the new hack. “The laggards are going to face huge financial risks.”

Illustration by Rose Wong