In December 2017, a safety system at a power plant in Saudi Arabia was triggered, preventing a catastrophe at the last minute. Afterwards, experts found that hackers had succeeded in planting the Triton computer virus in the plant's computer system. Had the attackers' plan worked, it would have resulted in explosions and the release of hydrogen sulfide gas. Even in the best case, severe environmental damage would have been unavoidable, and there would probably have been deaths as well. This marked a whole new dimension in so-called cyberwar. For the first time, the aim was no longer just to cause as much damage to infrastructure as possible; even the death of bystanders was accepted.
The virus deliberately targets a module
This story, now more than a year old, is still relevant for three reasons. First, it was never possible to find out who was actually behind the attack. Second, the security company FireEye has now announced that the malicious software is currently being used for attacks on plants in North America and Western Europe. The company held back further details. Such a scenario is certainly possible, because the Triton virus is a very specialized malicious program. It was written to target the Triconex Safety Instrumented System (SIS) control module from the French company Schneider Electric. The problem: the module was developed to detect emergencies and, in case of doubt, shut the plant down. In total, more than 13,000 units of the safety module have been installed worldwide. Users include, for example, oil, gas and nuclear power plants, including some in Germany.
The human factor is crucial
The hackers' plan is apparently to bring this last safeguard under their own control and then trigger a fault. In Saudi Arabia they almost succeeded. When they were discovered, they already had the critical control module under their control. Evidently, they then made a mistake that alerted the power plant's safety systems. It can be assumed that the hackers will not make the same mistake again. Experts are therefore urging further improvements to the safety precautions in power plants. They are focusing mainly on the human factor, because at the power plant in Saudi Arabia there were numerous violations of the security protocol. For example, warnings from antivirus programs were simply dismissed, and remote maintenance programs were left running permanently.