Tuesday, January 13, 2015

December news roundup: Critical infrastructure cyberattacks overshadowed by Sony data breach

In what was one of the biggest cybersecurity stories of 2014, Sony Pictures fell victim to a major data breach in which terabytes of information were stolen and then slowly leaked to the public over the course of weeks. The ensuing scandal over embarrassing executive emails and the revelation that North Korea may have been the culprit, spurring fears of cyberwar, dominated the December headlines. It overshadowed other important industrial cybersecurity stories with implications for the state of the industry as we head into 2015. These stories included the disclosure of a cyberattack against a German steel mill that caused massive damage to a blast furnace, and the discovery of a computer worm that was removed from devices connected to industrial control system (ICS) networks at a South Korean nuclear operator. Read about these developing stories and more in this month’s news roundup:

The German Federal Office for Information Security (BSI) disclosed in its annual report a cyberattack against a steel mill blast furnace that caused massive physical damage. Hackers were able to infiltrate the plant by stealing the credentials of employees who had access to control system networks. This is a major cyberevent, and it serves as a wake-up call about the evolving capabilities of modern-day adversaries, as it is one of the best examples of how a cyberattack can be a threat to safety and reliability.

When investigating a non-critical data breach from earlier in the month, a South Korean nuclear facility discovered a computer worm on certain devices that were connected to control system networks. While no control systems were compromised by the worm, the incident underscores the security concerns of connecting corporate IT networks with critical OT networks. Any control system network connected directly or indirectly to the internet must have security defenses in place to ensure the continued safety and reliability of protected systems.

In what would surely require a rewrite of industrial cybersecurity history, Bloomberg reported that a cyberattack was behind a Turkish oil pipeline fire in 2008. If the report is accurate, then the incident took place two years before the infamous Stuxnet worm damaged centrifuges at an Iranian nuclear facility. The Turkish oil pipeline event would be one of the earliest-known examples of a high-impact cyberattack on critical infrastructure. For the world, it’s just another reason why cybersecurity is just as important as physical security.

Iranian hacker activity has picked up around the globe, compromising computer networks, government agencies and critical infrastructure sites in the U.S. in a campaign called “Operation Cleaver.” While Iranian hackers are nothing new, the story offers evidence that the threats out there are real and they need to be taken seriously. With new recruits coming in daily, our adversaries and their capabilities keep getting stronger. Critical infrastructures need to keep strengthening their defenses as well, including the latest best practice, stronger-than-firewall protections, to stay one step ahead.

Want to read more industry news? Check out our November news roundup
