Editorial PROCESS WORLDWIDE 6/2013 End of Innocence
Two decades of digital innocence have come to an end. While we discussed cybercrime, viruses and data theft, an unseen threat lured in the digital jungle. The exposures following the release of Edward Snowden’s NSA files made it clear that everything we do online is not safe and might be seen, recorded and analyzed …
Of course, nobody would have been surprised if competitors or foreign powers were interested in his little secrets — but we were wrong: Actually, it were those, whom we trusted to protect us. And yet, we could have been forewarned: In 2010, the virus Stuxnet stirred up the IT-world. This malware was specially tailored to attack Siemens’ Simatic SC7 industrial control system. As far as we know today, the worm reprogrammed variable frequency drives that are widely used to control motor speeds or other devices in many applications in the process industry. In fact, Stuxnet was the first discovered malware that attacks industrial control systems and the first with a PLC-rootkit. As most of the infected computers were found in Iran, where Siemens process control units are used for the uranium enrichment programme, it seemed obvious that Stuxnet marked a new level of cyberwar. Virus experts immediately stated that a worm this elaborate could not have been cobbled together in hacker’s garage. They suspected another source: the secret services. While the result — a distinctive setback for Iran’s uranium program — may stabilize the fragile situation in the Middle East, the attack marked a tipping point. Does the end truly justify the means?
Stuxnet was a wake-up call. And yet, the disclosure of the NSA-files came as a shock. Now no one will feel 100 % safe again — no individual, no head of state and no company. The fact that the NSA spied on deep sea projects of Brazil’s Petrobras shows that the services will stop at nothing. Who can we trust? First and foremost, it is upon us to ensure safe and reliable data handling, information storage and process control. It all too easy to blame someone else. IT safety, data security and hardened process control systems are not luxury items, but mandatory imperatives — we are responsible. Not only for our own processes and assets, but also for the safety of our customers and employees.