Denial of service on industrial installations

After discussing industrial sabotage, our series of attack scenarios on industrial systems continues. Of these attacks, a denial-of-service on an industrial installation is particularly dangerous: it can bring continuous production lines to a long-lasting standstill.

Before going any further, read the article: What is an industrial system and how to protect it?

What is a denial-of-service?

A denial-of-service on an industrial installation occurs when an attacker takes direct control of controllers and floods the network to render it unusable, halt production and possibly cause physical damage that makes restoring service harder. Stopping a production tool puts the infrastructure at risk and prevents maintenance on a continuous production chain (refinery, water treatment plant, etc.).

Attack fact sheet
  • Purpose: stop production
  • Installation type: continuous, distributed process
  • Impact: hinder the availability of the industrial process
  • Modus operandi: prevent controllers from working

Denial-of-service on industrial installations in 3 stages

1. Penetrating the network

In order to launch an attack, cybercriminals first have to penetrate the network. For this, they have several options:

  • take control of an industrial workstation with malware
  • hijack remote access
  • hijack a wireless connection
  • penetrate the network from a physical on-site access point (IT closets, pipelines, etc.)

2. Installation of a control unit

Attackers will then install a unit that allows them to take remote control of controllers.

Raspberry Pi
Control units are generally Raspberry Pi devices. Equipped with a battery and a 4G modem, they allow attackers to control the target controllers as if they had direct access from a control console. Such a device is very difficult to spot in the field and can be installed in a matter of minutes without being noticed.

3. Flooding the network

Attackers use the installed unit to attack all machines. This denial-of-service technique via flooding, well known in the IT sector, consists of sending controllers more data than they can process: they become saturated and stop working. Because they have direct access to the controllers, attackers can also load a non-functional program onto them: this is denial-of-service via reprogramming.

Protecting yourself from an industrial denial-of-service

To prevent this type of attack you must have a capable monitoring system that detects new elements installed on the network or changes in the behavior of a machine. Such an anomaly detection system can tell when a Windows machine starts to exhibit suspicious behavior as a result of a malware infection.
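As an added illustration (not part of the original article, and not code from any Sentryo product), the following Python sketch applies the three detection signals discussed above to constructed flow records: a source MAC absent from the asset baseline, a request rate far above a controller's baseline (the flood), and a program download from a host that is not an engineering station (the reprogramming). All MAC addresses, roles, rates and operation names are constructed for the example.

```python
from collections import Counter

# Constructed baseline of known OT assets (MAC address -> role). In a real
# deployment this would come from a passively built asset inventory.
BASELINE_ASSETS = {
    "00:1a:2b:00:00:01": "engineering-station",
    "00:1a:2b:00:00:02": "hmi",
    "00:1a:2b:00:00:10": "plc-line-1",
    "00:1a:2b:00:00:11": "plc-line-2",
}
# Constructed baseline: normal requests per observation window, per controller.
BASELINE_RATE = {"00:1a:2b:00:00:10": 50, "00:1a:2b:00:00:11": 50}
# Only these roles are expected to push program changes to a controller.
PROGRAMMING_ROLES = {"engineering-station"}


def analyse_window(flows, rate_factor=10):
    """flows: (src_mac, dst_mac, operation) records seen in one window.
    Returns alert strings for the three signals the article describes."""
    alerts = []
    name = lambda mac: BASELINE_ASSETS.get(mac, mac)
    # 1. A device that is not in the asset baseline has appeared.
    for mac in sorted({src for src, _, _ in flows} - set(BASELINE_ASSETS)):
        alerts.append(f"new device on network: {mac}")
    # 2. A controller receives far more requests than its baseline (flood).
    for dst, count in sorted(Counter(dst for _, dst, _ in flows).items()):
        base = BASELINE_RATE.get(dst)
        if base is not None and count > base * rate_factor:
            alerts.append(f"possible flood: {count} requests to {name(dst)} (baseline {base})")
    # 3. A program download from a host that is not an engineering station.
    reprog = {(src, dst) for src, dst, op in flows
              if op == "program_download" and BASELINE_ASSETS.get(src) not in PROGRAMMING_ROLES}
    for src, dst in sorted(reprog):
        alerts.append(f"reprogramming of {name(dst)} from unauthorised source {src}")
    return alerts


def sample_window():
    """Constructed window: the HMI polls PLC 1 normally while an unknown device
    (constructed MAC using the Raspberry Pi Foundation OUI b8:27:eb) floods it
    and then downloads a program to it."""
    hmi, plc1 = "00:1a:2b:00:00:02", "00:1a:2b:00:00:10"
    rogue = "b8:27:eb:12:34:56"
    flows = [(hmi, plc1, "read")] * 40
    flows += [(rogue, plc1, "read")] * 600
    flows.append((rogue, plc1, "program_download"))
    return flows


if __name__ == "__main__":
    for alert in analyse_window(sample_window()):
        print(alert)
```

A real deployment would derive the baselines from a learning period and read the flow records from a passive capture on a network tap or SPAN port, so that the detector itself never sends traffic to the controllers.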

In order to effectively protect yourself from potential attacks — data theft, sabotage, industrial denial-of-service — it is important that you provide your system with specific protection by considering the context of each event. Specific solutions such as ICS CyberVision by Sentryo allow you to map out and monitor your industrial systems so you can protect all your networks from attacks. Download our free report to have all the essentials you need to ensure the security of your industrial systems.