On July 11, 2022, the BBC published an article, “Predatory Sparrow: Who are the hackers who say they started a fire in Iran?” The article states that it’s extremely rare for hackers to cause damage in the physical world. But according to the BBC article, a cyberattack on a steel mill in Iran was a kinetic cyberattack meant to cause physical damage. The article goes on to state that the 2010 Stuxnet attack is one of the few – if not the only known – example of a cyber-attack causing physical damage. This statement is often made because of a common view that cyber threats are largely confined to IP network attacks meant to steal data, cause denial-of-service, or hold data for ransom.
However, kinetic attacks are meant to cause physical and/or environmental damage. Kinetic cyberattacks have occurred since at least 2000, and possibly since the early 1980s. The threat actors who conducted these attacks have demonstrated significant knowledge and sophistication about the control systems and what it takes to damage the physical processes. These kinetic cyberattacks share two common threads: they are often identified as equipment malfunctions, and it can take a substantial amount of time before they are identified as being cyber-related. This is because there are neither cyber forensics at the control system device layer nor training for the engineers to recognize what could be malicious cyberattacks versus equipment malfunctions.
Trying to identify or prevent kinetic cyberattacks requires knowledge beyond just OT network security. The lack of cyber security inherent in the control system devices and networks requires expertise in OT network security, domain knowledge of the systems, and control system device security. Discounting kinetic cyberattacks is done at your peril.