Iranian cyberattacks threaten our daily operations - opinion

According to a Sky News report based on classified documents allegedly from Iran, a cyber attack could sink a cargo ship or blow up a fuel pump at a gas station.

UNTIL NOW, building owners did not add nation-states into the reference threat options, a mistake that needs to be addressed. (photo credit: KACPER PEMPEL / REUTERS)
UNTIL NOW, building owners did not add nation-states into the reference threat options, a mistake that needs to be addressed.
(photo credit: KACPER PEMPEL / REUTERS)
According to a Sky News report based on classified documents allegedly from Iran, a cyber attack could sink a cargo ship or blow up a fuel pump at a gas station.
The Sky News report also details how satellite devices are used by the shipping industry globally and how a computer-based system controls lighting, heating, and ventilation in smart buildings worldwide.
According to a security source with knowledge of five research documents, the 57-page collection was gathered by an offensive cyber unit called Shahid Kaveh, part of Iran’s terrorist-linked Islamic Revolutionary Guard Corps (IRGC).
 “They are creating a target bank to be used whenever they see fit,” said the source, who requested to remain anonymous for the documents to be discussed directly.
 Almost all of the files include a quote that appears to be from Iran’s Supreme Leader Ali Khamenei: “The Islamic Republic of Iran must become among the world’s most powerful in the area of cyber.” Sources describe this quote as something like a “commander’s intent statement.”
The front pages of only two of the reports mention the date of completion.
The first examines what is known as a building management system – the computer technology that controls things like lights, heating, and ventilation in smart buildings – from November 19, 2020.
Companies that provide these services are listed in the documents. Several manufacturers were involved, including Honeywell in the United States; Schneider Electric, a French electrical equipment company; Siemens, a German company; and KMC Controls, another US company.
Another report, which deals with a German company called WAGO, which makes electrical components for the industrial automation market, is dated April 19, 2020 and is the most comprehensive.
The file examined vulnerabilities in a programmable logic controller or PLC – a computer control system.

Stay updated with the latest news!

Subscribe to The Jerusalem Post Newsletter


“Continuing the investigation, to use these processes, we noticed the vulnerabilities within these systems are irreparable. If there is an attack, the damage will not be easy to fix,” the report said.
“Therefore, compared to other PLC brands, this brand is impenetrable once connected online. When online, the infrastructure and intelligence on engineering cannot be reached and cannot be lost.
“For our benefit, the best situation is for the PLC not to work as intended, and for that to happen, a project must be written in ‘ladder’ language and have multiple exits, as many as possible. But the problem with this project is that we wouldn’t be able to assess the damage caused. The other option is to assess the PLC’s and software’s weak points and dangerous points to attack our target. This option needs separate investigation and research before we can find the weak points.”
The Iranian attack Unit 13 is not working in a vacuum. There are many attack groups for nations, companies, and criminals, with the last two seeking money as an incentive. Governments do not follow those rules, and their agenda might not be as clear.
This is why documents describing such targets with attack openness, as those documents describe, are rarely published or exposed in such a manner.
The document provides a glimpse into the attackers’ way of thinking regarding the targets’ owners and the possible attack vectors and destruction capabilities required to harm the target.
Until now, smart building owners did not add nation-states into the reference threat options, and by closely examining the reports, it’s clear that this was a mistake that needs to be addressed. 
WAGO, a German manufacturer of industrial automation, was one of the attack vectors described in the report. Many types of automation equipment are used in the industrial automation market and with Cloud-PLC service.
Many of the devices used in industrial automation and building automation are not updated. Vulnerability issues are not addressed, allowing the Iranians and other attackers to continue and hold ground on the victims’ systems for many years.
Industrial and building management systems are a key to ensuring safety. With millions of systems globally, those attack groups pose a significant risk to the modern life that we get used to in our daily lives.
The writer is a senior ICS/OT Division manager, BDO Israel.