International Steel Mills

German Report Reveals Cyber Attack on Steel Plant

Written by Sandy Williams


A report by the German Federal Office for Information Security (BSI) reveals that in 2014 a German steel mill suffered serious physical damage from malicious hacking of its computer system.

Unknown hackers broke into the mill’s office network with “sophisticated spear phishing” and worked their way through to the production network. The intrusion caused multiple system failures preventing a safe shutdown of one of the blast furnaces, resulting in “massive” unspecified damage.

The incident was the second known system intrusion to cause direct physical damage to a plant. In 2008, an attack by Stuxnet, a computer worm, caused failure of centrifuges at an Iranian uranium enrichment facility.

According to the BSI report, the security attack in Germany was initiated by an attacker not only proficient in conventional IT security but with extensive knowledge on applied industrial control and production processes.

Although cyber attacks that steal data or destroy networks are common, the German attack highlights the vulnerability of industrial production networks.

In an exclusive PBS interview with NOVA, former NSA contractor Edward Snowden commented on the risk of cyber-attack. Most attacks, said Snowden, are “disruptive, but not necessarily destructive.”

“One of the key differentiators with our level of sophistication and nation-level actors,” said Snowden, “is they’re increasingly pursuing the capability to launch destructive cyber-attacks, as opposed to the disruptive kinds that you normally see online.”

“When people conceptualize a cyber-attack, they do tend to think about parts of the critical infrastructure like power plants, water supplies, and similar sort of heavy infrastructure, critical infrastructure areas,” he said. “And they could be hit, as long as they’re network connected.”

Latest in International Steel Mills