There is an interesting article over on PubMemo.com about new cyber-visualization technology that DOD’s Defense Advanced Research Projects Agency (DARPA) is developing to make it easier for cyber warriors to ‘view’ the electronic battlefield. While the article does not mention control systems as part of that environment, it is clear that technology like this will be valuable to military planners trying to execute missions against control systems in industrial settings.
One of the problems that has always faced people who would attack a major industrial facility (chemical plant, electric generation facility, major municipal water treatment plant) is not gaining access to the facility, but rather what to do when access is gained. There is nothing that says ‘open this valve and then turn this controller to this position to blow up this storage tank’.
There is still something to be said for ‘security by obscurity’ as a protection against serious deliberate attacks on control systems in critical infrastructure. Just turning random valves or switches is unlikely to cause catastrophic destruction; there are just too many innocuous water and air valves to hit the cybersecurity catastrophe perfecta by making random changes.
For military planners (or terrorists for that matter) planning a remote attack on a critical infrastructure installation will require the ability to identify and locate critical controls in a timely manner. Only then will the planners be able to put together an attack scenario that will have the specific, limited effect that military planners, contrary to Hollywood movies, really want to employ in a well-executed attack.
It looks like the Pentagon understands this. They should; they’ve been planning complicated operations for years. This is just another target rich environment.