Cyber attacks are no longer an invisible threat: By 2021, experts estimate that companies worldwide will have to expect damage of up to 6 billion US dollars. The loss of image and monetary losses which companies have already suffered as a result of hacker attacks are tremendous. But what physical impact can cyberattacks have on public safety? What visible and noticeable damages can hackers cause by an attack?
According to the Global Risk Report 2019, for the third year in a row, cyber attacks are among the most severe global threats, along with weather extremes, the failure of climate protection and natural disasters. In addition, widespread cyberattacks and the collapse of critical infrastructures due to a cyber attack are considered to be the second most frequent danger in terms of probability and potential impact.
The stability of societies worldwide is no longer only influenced by natural disasters or terrorism; the effects of cyber attacks must also be taken into account in global security precautions. The focus of cybercriminals is no longer limited to large companies or private individuals in order to enrich themselves financially. Industries and critical infrastructures such as hospitals and other public utilities are increasingly targeted by cyber attacks. In 2010, the computer worm Stuxnet in the IT system of Iranian nuclear power plants caused irreparable damages to several uranium centrifuges. The attack is regarded as the first cyber-physical attack that caused immense defects to a military target.
When the electricity doesn’t flow: Attacks on public utilities
A study by the Ponemon Institute revealed that 90 percent of utilities in the United States, England, Germany, Australia, Mexico and Japan, and many more, were victims of at least one successful cyber attack. More than 700 security experts working in critical infrastructures were surveyed. The participants reported that about half of the attacks led to downtime in utility service.
The blogpost „Critical infrastructures – probably the most vulnerable point of a country“ already gave an insight about the devastating consequences of a cyber attack on public utilities. An attack that causes a blackout would lead, among other things, to the collapse of the traffic system and the failure of cooling systems. Especially in hospitals, the refrigeration of special vaccines or medicines is essential for their efficiency.
An attack on the Ukrainian power grid showed that hackers are quite capable of shutting down critical infrastructures: Shortly before Christmas 2015, cyber criminals took over the country’s infrastructure. An employee opened an email containing a malicious program that installed the malware “Black Energy” which eventually led to the failure of the supply systems. The result: 700,000 people had no electricity for about 24 hours.
Increasing number of attacks on the healthcare sector
In recent years, healthcare facilities have increasingly become the focus of cybercriminal activities. In 2016, hackers introduced a malicious program into the network of the Lukas Hospital in Neuss. The hospital had to switch back to the use of paper and pen. Radiotherapy for cancer patients had to be stopped and the emergency room had to be shut down.
In 2018, the Fürstenfeldbruck Clinic had to manage daily work without their computers for more than a week – due to a cyber attack. Only patients who were seriously injured or ill were taken to the hospital. In summer of 2019, several facilities of the German Red Cross were attacked.
These incidents show how vulnerable the IT systems of hospitals are. And what happens if cybercriminals exploit the vulnerabilities to infect medical devices with malware, for example?
The worst-case scenarios: If patient data is encrypted, nurses and doctors no longer have access to old files in which, for example, possible allergies to antibiotics and other drugs are noted. An allergic reaction or overdose can be fatal for a patient. But it is not only data that can be encrypted, stolen or manipulated by hackers. Today, various medical devices are connected to the Internet, including diagnostic imaging devices such as MRI and CT or infusion pumps and cardiac pacemakers. Manipulation of the devices during an operation on vital organs can cost lives.
Minor vulnerability, major impact
Our digital world connects our analogue lives with our online activities. The magnitude of attacks on the IT infrastructure of, for example, government or healthcare facilities can have a major impact on physical life. This is proven by the numerous examples mentioned. A growing number of cyber attacks, such as on critical infrastructures, which are being focused on more and more alongside companies, is definitely to be expected. However, currently it is unlikely that one of the worst-case scenarios described will actually occur. Nevertheless, it is essential to raise awareness of IT security and the risks of cyber attacks. Because even a small security gap can have serious consequences – which are now considered one of the greatest global threats along with the dangers of natural disasters.
- Anette Dowideit, Jan Lindenau. Wasser und Stromversorgung im Visier der Hacker. [abgerufen am 12.08.2019]
- Boris Kartheuser. Saudi Arabien Cyberangriff auch in Deutschland wiederholbar. [retrieved 06.08.2019]
- Dan Simmons. Cyber-attacks ‘damage’ national infrastructure [retrieved 05.08.2019]
- Handelsblatt. Wenn der Klinikrechner zum Angriffsziel wird [retrieved am 06.08.2019]
- Henning Steiner, Oliver Günther. Kliniken im Visier von Hackern [retrieved 13.08.2019]
- Joe Myers, Kate Whiting. These are the biggest risks facing our world in 2019 [retrieved 05.08.2019]
- JR Minkel.The 2003 Northeast Blackout–Five Years Later [retrieved 06.08.2019]
- Matthias Kess.Cyberangriffe auf Krankenhäuser über E-Mails. [retrieved 05.08.2019]
- Michael Kroker.
Die Wahrscheinlichkeit eines Cyberangriffs im Vergleich mit Einbruch, Blitzschlag & mehr [retrieved 05.08.2019]
- Mohit Joshi, Peter Schmitz, Vishal Salvi. Die Finanzbranche und der Kampf gegen Cybercrime [retrieved 09.08.2019]
- Nisarg Desai.Es gibt niemals nur eine Hintertür [retrieved 06.08.2019]
- Ralph Langner. Stuxnet und die Folgen [retrieved 12.08.2019]
- Sarah Stephens. Why companies underestimate the physical damage of cyber attacks [retrieved 06.08.2019]
- TrendMicro. Exposed and vulnerable critical infrastructure [retrieved 07.08.2019]
- World Economic Forum. Global Risks Report 2019 [retrieved 07.08.2019]
- Will Stefan Roth. Kritische nationale Infrastruktur in Gefahr. [retrieved 09.08.2019]