Companies responsible for infrastructure typically run at least two types of networks. The first is a standard network for business operations, such as customer service, billing, and the like. The other is a supervisory control and data acquisition (SCADA) network, which is responsible for the actual infrastructure.
SCADA security has been a concern for years. In 2009, someone used vulnerabilities in Sieman computer systems to cause physical damage to Iran’s nuclear program. The Department of Homeland Security’s critical infrastructure work focuses in large part on SCADA systems.
Unfortunately, the desire for more functions has led to closer ties between SCADA systems and other network infrastructure. These functions include remote administration, data gathering, and financial tasks. In fact, as local utilities across the country have decreased staff, the need for remote administration has increased. This increase led to a dangerous attack on a water treatment plant in Florida earlier this year. Luckily, a worker saw the intrusion and was able to stop the attack before the attacker was able to add dangerous levels of sodium hydroxide to the water supply.
Other infrastructure attacks have led to extensive damage. For instance, intruders were able to damage a blast furnace in Germany through remote access. As more of these systems are connected to external networks, more attacks will occur. Inevitably, they will lead to someone dying as a result of a cyberattack.