5 Attacking infrastructure
In 2010, a malware known as Stuxnet was discovered. The malware was specifically designed to target programmable logic controllers (PLCs), which are widely used to control industrial motors. It was believed that the malware was designed by the US and Israeli security agencies to sabotage Iran’s uranium enrichment plant, in an effort to stop or delay its nuclear programme.
If malware can target and sabotage an industrial plant, it is possible that other malware could disrupt critical infrastructures such as electricity, gas and water supply systems and communication systems. At the time of writing, no malware has yet caused large-scale infrastructure failure. However, there have been signs to suggest that attempts have been made.
In the following activity, you’ll do a web search to find out whether there is any malware that can attack critical infrastructures or how close it has come to being capable of doing so.
Activity 13
Carry out a web search to look for at least two reports about a theoretical or actual infrastructure attack from the past three years. Summarise the main points of the reports you found.
Feedback
At the time of writing, some small-scale critical infrastructure cyber-attacks have happened. The most well-known one was the attack on the Ukrainian power network that left hundreds of thousands of people in the west of the country without power for hours. Full details of this and other attacks on critical infrastructure can be found using the link below:
Top 5 critical infrastructure cyber attacks [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] (Ball, 2017)
As for the UK, the two news reports below relate to critical infrastructure cyber-attacks: