Terrorist communication
Sabotage is an action that aims to weaken a corporation, an industry or an infrastructure through subversion, obstruction, disruption or destruction. In a workplace setting, sabotage is the conscious withdrawal of efficiency, generally directed at causing some change in workplace conditions. The nature of terrorism and political violence dictates that there is always someone who suffers; that is why, in recent decades, there have been terrorist attacks in which power plants, power grids and critical infrastructure were targeted more or less successfully. These types of attacks are inherently harder to intercept for over-stretched security forces, and they are fueled in part by terrorist groups' proficiency in recruitment, using social media and the Internet to reach out to disenfranchised sympathizers around the world.
In this context, the following subsections present different past attack scenarios and highlight potential countermeasures and prevention approaches for each of them.
Scenario 1
The accidents at Chernobyl (1986) and Fukushima (2011) showed the world the devastating effects of nuclear power plant failures. A successful cyber-attack on a power plant is one of the worst-case scenarios when it comes to cyber terrorism. Although the systems of these facilities are well protected by very strict security precautions, there have been multiple incidents in the past.
Stuxnet. The attack on a uranium enrichment facility in Iran by the Stuxnet worm is the most famous case and, until now, the most successful attack on a nuclear facility. Four different zero-day exploits were used by its programmers to distribute the malware, enter the computer systems of the facility and destroy the enrichment centrifuges (Lindsay 2013). First the malware had to infect many computers worldwide, mainly in Iran, through weak spots in print spoolers and network share protocols; it also managed to infect offline computers via USB sticks carrying an infected autorun.inf file. Stuxnet then managed to enter the offline systems of the enrichment facility. After successful infection it searched for specific Siemens SCADA (supervisory control and data acquisition) controllers and infected them with an RPC (remote procedure call) exploit. By this it forced the centrifuges to spin faster and faster until they tore themselves apart. Because of the tensions between Iran and other countries over the Iranian nuclear weapons program, the use of four relatively expensive exploits, the detailed knowledge of the target system and the immense effort involved, it is most likely that Stuxnet was created by a state, most likely the USA or Israel, although neither has ever admitted any involvement. Even though it did not target a nuclear power plant and was most likely not executed by terrorists, it showed that an attack on an offline nuclear facility is not only theoretically but also practically possible. Until now Stuxnet has been the only successful attack on a nuclear facility, but there have been a number of other malware infections in power plants. Some examples (CANPDT 2017; APS 2017):
- Monju NPP, Japan 2014. A worker in the control room infected his computer through an update of a video playback application;
- Hydro and Nuclear Power plant in South Korea 2014. This attack, most likely executed by North Korea, targeted the workers of the facility. They received phishing mails which infected the workers' computers, but the attack did not lead to access to controllers or critical computer systems;
- Slammer Worm Crashes Ohio Nuclear Plant Network (2003). The Slammer SQL worm (for which a patch had existed six months earlier) infected the computer network of the power plant and disabled a safety monitoring system for nearly five hours.
Usually, the main weak spot of NPPs and enrichment facilities is the workers. In most cases the critical systems are not directly connected to the Internet, so humans and their equipment have to be used to get inside the high-security systems. The only way to reduce this risk is to draw the workers' attention to security measures and to scan all of their equipment that contains computer chips and storage when they enter a high-security environment. The parts of the facility that are connected to the Internet are much harder to defend, because there can always be zero-day exploits that attack unknown weak points in software and hardware. A solution for that could be that power plant companies, countries or other friendly organizations buy the zero-day exploits from black markets, or give hackers the legal opportunity to sell the weak points they find to them. By this the black market prices will grow and the number of security loopholes available to criminals and terrorists will decline. Prices range from a few thousand to a few hundred thousand for general application zero-day exploits and up to a million for SCADA system exploits (BS-SCADA 2017), so that is not much money compared to the income of power-producing companies or whole countries. A list of the above-mentioned nuclear reactors and facilities is reported in Table 9.
Table 9. Attack scenarios and prevention approaches for Scenario 1
Attack scenarios | Prevention approaches
Stuxnet; Monju NPP, Japan 2014; South Korea 2014; Gundremmingen NPP; Slammer Worm (Ohio NPP) | Worker scan; Zero-day buyout; Up-to-date software; Up-to-date antivirus
Scenario 2
Nuclear power plants are among the most threatening targets for terrorist attacks, but the destruction or deactivation of other power plants can have devastating effects, too. The failure of hydroelectric dams, for example, can cause the flooding of huge regions and can easily kill thousands of people. In the past there have been incidents where exactly that happened, for example the Banqiao Dam failure with 26 thousand direct deaths and 145 thousand indirect deaths from the following epidemic (DFEE 2017). While this was caused by a structural failure [39] and not by an attack, it showed the destructive potential of hydroelectric dams. But there have also been cyber-attacks on hydroelectric dams in the past. In particular:
New York Dam. One example of a cyber-attack on a dam is the incident at a relatively small dam in New York in 2013 (Thompson 2013). While little is known about the details of the attack, hackers were able to access the control systems of the dam but were, most likely only because of maintenance work, not able to open the sluice gates. The US government blamed members of Iran's Islamic Revolutionary Guard Corps for the incident, who had also attacked some financial institutions in the USA.
Arizona's Roosevelt Dam (OCC 2005). Another incident on a hydroelectric dam happened at Arizona's Roosevelt Dam in 1994, where a 27-year-old was able to break into the computer system of the dam. There is not much information on this incident, but he did not manage to get control over the flood gates.
Queensland sewage treatment facilities (Brunst 2010). The only successful attack on a dam in which people and the environment were harmed was executed in Queensland, Australia, in the year 2000. Here the culprit was able to manipulate the control system of the sewage treatment facilities. It took two months to detect the attack, while massive amounts of putrid sludge were released into rivers and parks. This resulted in the pollution of nature, including health problems for animals and residents.
Large-scale SCADA attack on multiple power plants. While the failure of a single power plant will most likely not result in a blackout, because other power plants can quickly step in, a large-scale simultaneous attack on several power plants could lead to a long-lasting lack of electricity. Because it is unlikely that a terrorist group finds and uses many different weak points of multiple power plants in one single attack, similar standard SCADA controllers with the same firmware or operating system are a better target for such a group, because it would have to use just one attack vector.
Compared to nuclear power plants, the attack vectors of dams and other power infrastructure systems are relatively similar. The main difference is that the security measures may be lower, because the damage caused by an attack would probably be lower, and in the case of the Queensland sewage facilities, for example, the risk awareness in such facilities is much lower. This means that the workers have to become risk-aware and that all computer systems should follow standard security measures such as up-to-date anti-virus software, updated software that is tested before deployment, and a strict division of critical and non-critical systems. The more important of the above prevention approaches are listed in Table 10.
Table 10. Attack scenarios and prevention approaches for Scenario 2
Attack scenarios | Prevention approaches
New York Dam; Arizona's Roosevelt Dam; Queensland sewage treatment facilities; Large-scale SCADA attack; Havex Trojan | Worker scan; Zero-day buyout; Up-to-date software; Up-to-date antivirus; Worker risk awareness
Scenario 3
Besides the power plants, the power grids themselves are attractive targets for terrorists who want to cut the power supply of the population. The whole power grid is controlled by software and computers which in most cases have to be connected to some kind of network to exchange information from one node to another. This makes them very vulnerable to all kinds of attacks.
Physical destruction of power generators. In 2007 the US government wanted to demonstrate that cyber-attacks could not only disable but also destroy power generators. For that they constructed a scenario in which they infected the controllers with 21 lines of code, which resulted in the destruction of the generators. This was just a proof of concept, but it showed that cyber-attacks could lead to long-lasting damage to the power grid (WIRED 2007).
Hack and DDoS (Distributed Denial of Service) attack on the Ukrainian power grid. A successful and relatively recent attack, most likely from Russia, brought down the Ukrainian power grid in the year 2015. Here hackers entered the SCADA systems via a hijacked VPN and sent commands that opened the breakers and disabled the UPS systems. They also launched a DDoS attack against customer call centers to prevent customers from calling in to report the outage, which hindered the operators from noticing what had happened. DDoS attacks are really difficult to defend against because they do not use exploits but basic mechanisms of the Internet itself. While the filtering of simple ping commands is relatively easy, advanced DDoS attacks send valid packets to the target (CISCO 2014). But there are some countermeasures. Ingress filtering can be used, which drops all packets whose source IP address does not match a domain prefix associated with the router (Molaviarman 2017). History-based IP filtering is another technique, based on the assumption that legitimate source IP addresses remain stable, whereas DDoS attack addresses have not been seen before. With this assumption the familiar IPs are stored and preferred, whereas packets from unknown addresses are dropped when there is no capacity left.
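The two filtering countermeasures described above, worked through as an added illustration that is not part of the original paper: a per-interface ingress filter drops spoofed sources, and a history-based filter serves remembered addresses first once an interval's traffic exceeds capacity. Interface names, prefixes (RFC 5737 documentation ranges), the capacity value and the traffic are all constructed for the example.

```python
import ipaddress

# Constructed mapping: ingress interface -> prefix a router expects sources from.
INTERFACE_PREFIXES = {
    "cust": ipaddress.ip_network("203.0.113.0/24"),
    "peer": ipaddress.ip_network("198.51.100.0/24"),
}


def ingress_filter(packets, prefixes=INTERFACE_PREFIXES):
    """Keep a packet only if its source address lies in the prefix associated
    with the interface it arrived on; anything else is treated as spoofed."""
    kept = []
    for src, iface in packets:
        net = prefixes.get(iface)
        if net is not None and ipaddress.ip_address(src) in net:
            kept.append((src, iface))
    return kept


class HistoryFilter:
    """History-based IP filtering: remember sources seen in normal operation;
    when an interval exceeds capacity, serve known sources first and drop the
    unknown ones for which no capacity is left."""

    def __init__(self, capacity):
        self.capacity = capacity   # packets the target can handle per interval
        self.known = set()

    def learn(self, packets):
        self.known.update(src for src, _ in packets)

    def filter(self, packets):
        familiar = [p for p in packets if p[0] in self.known]
        unknown = [p for p in packets if p[0] not in self.known]
        served = familiar[:self.capacity]
        served += unknown[:max(self.capacity - len(served), 0)]
        return served


def run_demo():
    """Constructed traffic: a quiet learning interval, then a flood interval
    mixing returning customers, spoofed sources and many new addresses."""
    normal = [(f"203.0.113.{i}", "cust") for i in (10, 11, 12)]
    flood = normal + [("10.0.0.1", "cust"), ("10.0.0.2", "cust")]  # spoofed
    flood += [(f"198.51.100.{i}", "peer") for i in range(20, 26)]   # 6 new
    hf = HistoryFilter(capacity=5)
    hf.learn(ingress_filter(normal))
    after_ingress = ingress_filter(flood)
    served = hf.filter(after_ingress)
    return {"offered": len(flood), "after_ingress": len(after_ingress),
            "served": len(served),
            "known_served": sum(1 for s, _ in served if s in hf.known)}
```

Running `run_demo()` shows the two spoofed packets removed by ingress filtering and, under a capacity of five, all three familiar customers served while only two of the six new sources get through.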
Smart meters. To enhance the efficiency of the power grids, more and more smart meters are installed in households. While this has many benefits for the grid, it creates a big risk for it, too. Millions of small Internet-connected devices regulating the power consumption of households could be used to create blackouts if a sufficient number of them were activated or deactivated simultaneously. Until now this has not happened at a large scale, but security weak points have been found in these devices in the past. A detailed list of countermeasures for smart meter attacks is given in (Aloul et al. 2012). They are based on an implicit deny policy, such that access to the network is granted only through explicit access permissions, together with malware protection, only manufacturer-supplied software for embedded devices, vulnerability assessments at least once a year, user awareness for system configuration, connections over VPNs and robust authentication protocols.
The more important of the above prevention approaches are listed in Table 11.
Table 11. Attack scenarios and prevention approaches for Scenario 3
Attack scenarios | Prevention approaches
Physical destruction of power generators; Ukraine grid hack and DDoS | Ingress filtering; History-based IP filtering
Smart meters | Implicit deny policy; Malware protection; Manufacturer software only; Vulnerability assessments once a year; User awareness for configuration; VPNs; Robust authentication protocols