To highlight vulnerabilities, Georgia Tech researchers have developed a new form of ransomware that can take control of a simulated water treatment plant. Shown are Raheem Beyah, associate chair in the School of Electrical and Computer Engineering, and David Formby, a Georgia Tech Ph.D. student.
By John Toon
Cybersecurity researchers have developed a new form of ransomware that was able to take control of a simulated water treatment plant. After gaining access, the researchers were able to command programmable logic controllers (PLCs) to shut valves, increase the amount of chlorine added to water, and display false readings.
The simulated attack was designed to highlight vulnerabilities in control systems used to operate industrial facilities such as manufacturing plants, water and wastewater treatment facilities, and building management systems. Believed to be the first to demonstrate ransomware compromise of real PLCs, the research was presented at the RSA Conference.
Though no ransomware attacks have been publicly reported on the process control components of real industrial control systems, such attacks have become a significant problem for patient data in hospitals and customer data in businesses. Attackers gain access to these systems and encrypt the data, demanding a ransom to provide the encryption key that allows the information to be used again.
“We are expecting ransomware to go one step further, beyond the customer data to compromise the control systems themselves,” said David Formby, a Ph.D. student in Georgia Tech’s School of Electrical and Computer Engineering. “That could allow attackers to hold hostage critical systems such as water treatment plants and manufacturing facilities. Compromising the PLCs in these systems is a next logical step for these attackers.”
Many industrial control systems lack strong security protocols, said Raheem Beyah, Motorola Foundation Professor and associate chair in the School of Electrical and Computer Engineering, and Formby’s faculty advisor. That’s likely because these systems largely haven’t been targeted by ransomware so far, and because their vulnerabilities may not be well understood by their operators.