"Historical examples of this kind of attack include the Stuxnet malware that targeted Iranian nuclear enrichment plants. The malware destroyed centrifuges in 2009 by causing them to spin at dangerous speeds while feeding false "normal" data to operators. Another example is the Industroyer attack by Russia against Ukraine's energy sector in 2016. Industroyer malware targeted Ukraine's power grid, using the grid's own industrial communication protocols to directly open circuit breakers and cut power to Kyiv."
"More recently, the Volt Typhoon attack by China against the United States' critical infrastructure, exposed in 2023, was a campaign focused on pre-positioning. Unlike traditional sabotage, these hackers infiltrated networks to remain dormant and undetected, gaining the ability to disrupt the United States' communications and power systems during a future crisis. To defend against these types of attacks, the U.S. military's Cyber Command has adopted a " defend forward " strategy, actively hunting for threats in foreign networks before they reach U.S. soil."
Stuxnet destroyed centrifuges in 2009 by causing them to spin at dangerous speeds while feeding false "normal" data to operators. Industroyer targeted Ukraine's power grid in 2016, using industrial communication protocols to open circuit breakers and cut power to Kyiv. Volt Typhoon in 2023 focused on pre-positioning, infiltrating networks to remain dormant and gain the ability to disrupt U.S. communications and power systems during a future crisis. U.S. Cyber Command adopted a " defend forward " strategy to hunt threats in foreign networks, while CISA promotes secure-by-design principles and zero-trust architectures domestically. A critical supply-chain vulnerability exists because controllers' firmware relies on third-party components and outdated libraries, creating shared fragility across the industry.
Read at Fortune
Unable to calculate read time
Collection
[
|
...
]