In late June, an obscure twitter account posted surveillance footage from inside an Iranian steel mill, from the morning on 26 June 2022. The video seems to capture a catastrophic industrial failure happening in realtime. If press reports are to be believed, hackers deliberately took control of the facility and caused tons of molten steel to spill onto the floor of the mill.
The group claiming responsibility also posted photos of the “human-machine interface” (HMI) control systems that seem to run the same facility:
A few quick points:
Even in Iran, a country under extreme sanctions from Western countries, the digitization of industry is moving forward.
The HMI the hackers seem to have access to is made by a Western company called Paessler.
The group claiming responsibility - the name translates to “Predatory Sparrow,” though it is an obvious Angry Birds call-out - asserted that it attacked more than one facility.
The attack is the latest in a string of attacks in Iran, one of which paused the nation’s gas station infrastructure and rail infrastructure.
Welcome to “the infinite front.”
The odd synthesis between the finance, compliance, and insurance industries have created a network of interlocking incentives that prize short-term efficiency. At the dawn of the Information Age, this trifecta created a kind of gravity around short term productivity and uptime, eschewing mechanical systems whose efficiency, measured in decades, was quite well known, for digitized systems that promised increases in performance.
The trend has only accelerated. Our industries are increasingly governed by computer chips and electrical impulses. From cars to factories, power plants to air conditioners, the worlds of atoms and bits are converging.
It has all created what I call an infinite front: a digital surface area that exposes nearly every single hard aspect of human civilization to cyber risk. Tractors with firmware. Power plants that can automatically adapt to changing power grid dynamics. Warehouses that automatically pick, pack, and ship. Air conditioners that know when you are on vacation.
The world of atoms, not just bits, will soon need robust cybersecurity platforms well beyond current offerings. It is what we are building Galvanick. Over the past few months as we have talked to investors, customers, and others, the question comes up, “just who will need something like this?”
The answer for this brave new world is everybody.
Why? Because the barriers to entry and exit into the marketplace of cyber-industrial sabotage are declining rapidly. A recent Vedere Labs report illustrated how simply ransomware could be applied to industrial systems. And a DOJ indictment of Russian hackers openly states that they were developing capabilities to override safety systems in oil and natural gas facilities for years.
This is the beginning of the beginning.
Tales from "the infinite front"