https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2014.pdf?__blob=publicationFile
"I didn't do it, nobody saw me do it, you can't prove anything."
What's really shocking is how little we've actually spent to get ready, and how unprepared we actually are.
Really? How hard is it to complete isolate your production subnet from your business subnet?
I guess they will be thinking about this now....
Next target: nuclear plant control system.
1) World economy seems to be a bit iffy. Unemployment, Inflation, Oil prices, Gold reserves -- we've all seen the stories. If some big 2008-like crash happens sometime soon, I don't think anyone will be totally shocked.
2) Cyber attacks against things like our power grid are a real concern. It could be devastating and we are just not well protected.
Now join them together -- the world economy takes a big dip (not because of a conspiracy, just because dips happen), and THEN North Korea, or China, or Russia, or Iran, or whomever, decides to take down our power grid.
That'll hurt.
What the hell is so hard about keeping networks separate?
“The attackers gained access to an unnamed plants office network through a targeted malicious email and were ultimately able to cross over into the production network.”
Shades of Battlestar Galactica!! (new series)
I’m sure it probably seemed like a good idea at the time to interconnect these two systems.
(Since they wrote “ultimately,” I’m probably over-simplifying a complicated piece of hacking.)
Of course, there is also the question of being able to remotely start up a furnace when the plant was unmanned as well. Another example of German engineering genius, I’m sure.
(Don’t read German, so I’m not sure if this was the case. If the production area WAS manned, it’s actually worse since humans would have been present but were inhibited from stopping the process and preventing the damage.)
Probably just as well these smart people don’t have nuclear weapons.
Wait until they hit our fragile grid...