Many people still struggle to comprehend the concept of using cyber attacks to cause actual physical damage. Although the news carries dramatic reports of hackers devastating power plants from their keyboards, these ideas are generally confined to fiction rather than applied in the real world. Here is why hacking a chemical plant to cause physical damage is exceedingly complex and difficult but still very possible:

At Def Con 23, Marina Krotofil, senior security consultant at the European Network for Cyber Security, and Jason Larsen, principal security consultant at IOActive, presented “Rocking the pocket book: Hacking chemical plants for competition and extortion”; you can grab a copy of their presentation (pdf) and slides (pdf). The duo delved into a complete attack, from start to finish, on a simulated plant for vinyl acetate production. Pulling off an operational technology hack that affects a physical thing in the real world is an extremely complex process with many stages, ranging from learning to leaving false forensic footprints to get away with the attack.

Cyber-physical attacks “go through several stages before the evil goals can be achieved;” most attackers have no idea about the complete process and how to manipulate it. If an attacker remotely tweaked one thing, turned a valve for example, how would that affect something else like reactor temperature? “Cyber attacks on process networks may allow the attacker to obtain sensor readings, to manipulate sensor measurements sent to controllers and instructions sent to actuators. To appreciate the effect of such manipulations the attacker has to understand the physical part of her target.” You need only look at one of several diagrams to grasp how much an attacker would need to understand.

“Blindly trying to destroy a process by overheating a tank will probably only result in exercising the emergency shutdown logic and the pressure relief valves,” they explained. When an attacker goes searching for answers, they likely understand the technician’s documentation, but they also need to understand the harder version – the engineer’s answers.