Attacks take place on industrial control systems (ICS) so as to undermine the integrity of processes that may lead to a malicious functional impact, according to a recent paper, "Stuxnet to CRASHOVERRIDE to TRISIS," written by Joe Slowik of Hanover, MD-based Dragos.In these attacks, purpose-built software was leveraged as part of multi-stage attacks that not only sought to undermine system integrity and disrupt the process, but that were also meant to cause destruction or bring coercion to bear.To start, in 2010, Stuxnet was a deliberate attack on Iran's nuclear enrichment activities, performed with complex malware. But rather than simply make centrifuges destroy themselves, Stuxnet caused infected Siemens PLCs to ensure operational degradation, while hiding the cause of the degradation. The malware increased production defect rate even as it decreased centrifuge operational life.
展开▼