Oil and gas refineries— and the pipelines, ships and trucks that deliver their raw material and products — are huge systems. Refineries require hundreds of employees, and the machines they operate, to handle extremely flammable materials without making mistakes.
But the workers need accurate information to do so. Malicious software could provide false readings, open and close valves at the wrong times or damage industrial firmware — all with potentially lethal consequences.
"At the end of every control system is a physical thing," said Dale Peterson, founder and chief executive officer of Digital Bond, an IT security consulting company in Sunrise, Fla.
Peterson noted that fatal accidents demonstrate what can happen when something goes wrong, and that hackers who can make things go wrong are all the more dangerous.
"The BP Texas City refinery explosion," which killed 15 and injured 270 in 2005, said Peterson, "was due in part to a control system not displaying properly."
In this case, a broken gauge failed to alert workers that flammable gas was escaping. A hacker could easily replicate a broken gauge on an electronic system.
Aside from foreign countries, terrorist groups, or disgruntled employees, said Peterson, there's also the danger of a prank gone horribly wrong — some lone hacker doing it for the "lulz."
"It's sort of surprising that hasn't happened more often," Peterson said.