The criminals sneak up on the net – and even in the midst of the pandemic, they don’t shy away from implementing their insidious plan. “Production facilities had to be shut down for the time being because of the extortion,” says Steffen Zimmermann. It cannot be ruled out that the consequences of the attack might “run through to Covid-19 supply chains”.
Urgency is not yet clear everywhere
What happened at the French pharmaceutical company Pierre Fabre at the end of March still worries the head of the Industrial Safety Competence Center at the VDMA mechanical engineering association in Frankfurt. After a hacker attack on the plant’s IT department, there were delays in tightly timed processes, and claims for damages were also made. And of all things in an industry that is currently running at full load to further contain the corona crisis.
Whether in medicine, at car manufacturers or in other industrial companies: Not only the office software on the employees’ computers, but also the complex control of entire machine parks is vulnerable to cyber attacks. Serious incidents in the increasingly networked “Internet of Things” with digitally communicating systems are still relatively rare, reports Zimmermann – apart from examples such as the multiple attack on Thyssenkrupp. But the danger is increasing. Some companies still have to be made aware of the urgency.
“It is impossible to protect yourself 100 percent,” admits the VDMA expert. “Anyone can be hit, just as any immune system can be hit by a virus. However, increased awareness must also lead to investments in more security.” Often companies only reacted when hackers had already wreaked their havoc and there was nothing left to do. “The number one topic for the mechanical engineering industry now is cybersecurity.”
Downtime for weeks possible
In the case of large-scale data encryption by ransomware, large production companies could be completely idle for four to six weeks. “With all the consequences, this can take up to nine months – in the end the company doesn’t look like it did before.”
If this happens in times of crisis that are already tense, the risks can build up – especially in the health sector. In the winter there were reports that North Korean hackers are said to have tried to get information about the corona vaccine from the US company and Biontech partner Pfizer.
Hospitals are also not immune to the digital intruders: The Göttingen public prosecutor is currently investigating online blackmail of the clinic in Wolfenbüttel, Lower Saxony. In the Anhalt-Bitterfeld district in Saxony-Anhalt, next to nothing went after a similar action against the IT of the administration.
Impacts are getting closer
What specifically can be done to strengthen prevention and defense? Large insurers have long recognized the problem, but are now pointing to the intensified race between software providers and criminals to discover vulnerabilities and security gaps. The best-known case of a cyber attack on industrial infrastructure is still the Stuxnet virus, which was discovered in 2010 and sabotaged uranium enrichment facilities in Iran.
The impacts are getting closer again. “For a good year and a half we have seen a steadily increasing threat situation, which has recently changed again very dynamically,” says Johannes Steffl, who is responsible for the analysis of cyber risks at the industrial insurer HDI Global in Hanover. “This may partly be due to the corona, because some IT processes in the home office are not so well protected.” But the topic is also becoming more important for “operational IT” in production: “We’re talking about IT that controls systems and machines around the clock. Some companies are still working with old systems.”
In the era of “Industry 4.0”, machine builders would have to consider cybersecurity when designing systems. “That will be an essential quality feature”, says Steffl. “Because if a cyber attack really hits the production line in an entire industry, the damage from a long interruption can be considerable. Or there can even be defects in the products that were still manufactured after the attack.” In industrial circles one can hear from time to time that sometimes there is also the temptation to postpone the shutdown a little – according to the motto: “Never change a running system.”
Risk of blackout
The harmful scattering effect would also be great in the energy industry, keyword blackout risk. Steffl believes that the motifs are often stored differently here. “In the case of attacks on the power grid and similar imaginable actions, one has to think more about terrorist or political goals.” Classic cyber criminals would rather have reservations about paralyzing an entire country. “They are mostly concerned with disruption, not pure destruction.”
Either way, it seems clear: Industry and administration have to take the problem more seriously – and maybe deal with particularly sensitive matters outside of ongoing operations sometimes offline. “We are moving in a world of deceptive security,” says the Lower Saxony Association of Cities and Towns. “In the long run, it only helps us if we work on important things in isolated systems.”
Zimmermann, in whose association companies have formed a working group against network blackmail, sees the core problem as follows: “Carelessness is still a difficult field.”