The Industrial Internet of Things (IIoT), aka the Industrial Internet, is the integration of complex machinery with networked sensors and software. The machines are connected and talking to each other, and communicating back to centralized control systems e.g. Manufacturing factories, Power Plants, Energy Grids, Semiconductors, Automotive, Aerospace and Commercial Building Automation.
The IIoT is polsed to bring a new world of benefits to businesses operating industrial systems – optimized operations and supply chains, greater business agility, new revenue streams and services and more. To fully capture these benefits, the systems are exploding in scope to greater internet connectivity and shifting further away from the historically closed systems that relied more heavily on physical security to ensure integrity.
Unfortunately, with this broader connectivity comes new attack vectors, vulnerabilities, and more opportunities for hackers.
Nov 2007 – The Stuxnet Worm
Allegedly created by American-Israeli Governments in order to attack Iran’s Nuclear Facilities. The systems compromised weren’t connected to the Internet at the time. Centrifuges and valves were sabotaged and five companies related to the nuclear programme were also breached.
Nov 2011 – SCADA System
Hackers destroyed a pump used by a US Water Utility Company after gaining remote access to their SCADA system by stealing usernames and passwords belonging to the manufacturer’s customers. Levels of chemicals in the treatment company were changed and 2.5 million customer’s had their personal data exposed online.
April 2012 – Smart Meters
Smart Meters were hacked in Puerto Rico to reduce power bills. The FBI was asked to investigate and found that these hacks did need a physical presence. They also found that the Puerto Rico Utility Industry was losing an average of $400 million a year from Smart Meter hacking.
April 2013 – Serial Port Servers
Rapid7 found vulnerabilities in the configuration of serial ports or terminal servers, which could expose a range of critical assets such as POS terminals, ATM’s and Industrial control systems.
Dec 2013 – TARGET Breach
The company was breached when hackers used malware to penetrate a HVAC company working for them. Personal data for over 70 million customers was stolen in year DEC 2013.
July 2015 – Sniper Rifle
Security researchers at the Black Hat Hacker conference showed how you can hack into a Tracking Point self-aiming rifle through vulnerabilities in its software.
Oct 2015 – Power Quality Analyzers
Applied Risk released a report showing vulnerabilities in power quality analyzers used to monitor power quality and analyze electrical disturbance that can interfere with industrial equipment.
Jan 2015 – German Steel Mill
Hackers gained access to the steel mill through phishing emails and prevented their blast-furnace from shutting down. This results in catastrophic damage to the plant, its systems and its equipment.
March 2016 – Ukraine Power Grid
Hackers used stolen credentials to gain remote access to the Ukrainian power grid and cut power to 30 substations and 225,000 customers. The attack included installation of custom firmware, deletion of files including master boot records and shutting down of telephone communications.