Wednesday, January 4, 2012

Dow Hack Prediction

Yesterday I made a late entry into the ‘Predictions for 2012’ game that is standard fare for so many columns and blogs. In the closing paragraph I made prediction that caught a lot more attention than I had expected. I wrote:

“I’ll go out on a very thick limb here and predict that we are going to see major new action in the merger of political activism, the anarchy movements, and computer hacking. This will be the source of major news stories for this year. I would not be surprised to hear that DOW gets major attention for their sponsorship of the Olympics and it could include one or more control system hacks, most likely a DOS type attack shutting down one or more production facilities.”

Dale Peterson over at (which I periodically write for) was kind enough to tweet that this was a “bold, specific prediction”. I certainly thank Dale for that comment as it did draw some new readers to this blog, but a closer look at my reasoning will show how easy a prediction it was to make.

Dow as a Target

I have long maintained in this blog that potential threats against high-risk chemical facilities come from far more than just al Qaeda and its loosely linked wannabes. The radical fringes of the environmental movement have long lists of reasons to want to attack chemical companies in general and Dow has got to be high on their list of ‘environmental evil doers’. Dow is a large scale developer, producer, storer and transporter of a number of hazardous chemicals.

When Dow bought Union Carbide ten years ago, they not only acquired new product lines and production facilities, but they also inherited the blame for the 1984 Bhopal ‘gas tragedy’ and the 2,000 to 8,000 deaths associated with that accident. Because of this the International Olympic Committee has come under fire for their accepting Dow’s donations to become an Olympic sponsor for this year’s summer games in London. Demonstrations against, and political attacks on, Dow will certainly continue through the Games this summer.

Finally, Dow is a large multi-national corporation with major amounts of political pull and power in Washington and other capitals around the world. This brings them to the attention of various anarchist movements, making it a potential target for any number of groups with an increasing propensity for small-scale violence and demonstrated capabilities for disruptive behavior and attacks.

Eco-Cyber Attacks

Terrorists always have something of a moral dilemma that they have to deal with; the more successful their attack the larger is the number of innocents that are harmed or killed. When outright psychopathy is not involved this dilemma is resolved by claiming to work for the greater good or even blaming the innocents for complacent complicity in supporting the evil being attacked.

Environmental terrorists have to deal with this quandary as well as the dilemma of their attacks harming the very environment that they are attempting to protect; it’s hard to claim that the environment is complacent. This is one of the reasons that the damage caused by environmental terrorists to date has been physically limited, but this has also limited their political and propaganda exposure.

If a way could be found to limit the environmental consequences of their attacks the number of potential eco-terrorists would increase as more mainstream activists would be able to resolve their moral problems with attacks that cause chemical releases. This favors disruptive attacks more than the ‘conventional’ bomb-throwing, destructive attacks.

This is one of the reasons that I think that we will see the rise of the eco-cyber-attack. Attacks on the control-systems and inventory-management systems of chemical facilities would be just the type of disruptive attacks that could attract larger elements of the environmentalist communities. They would be able to disrupt the production and distribution of objectionable chemicals without causing physical harm to neighboring innocents or the environment.

Anarchists are likely to see the larger benefit from this type of attack as well, but they won’t be as limited in their target selection. Political and economic process controls will also be very susceptible to this type of attack with data centers being prime targets.

Dow as Cyber Security Leader

There is one factor that I did forget to mention in my original post, Dow Chemical has been a leader in the chemical industry for the development of cyber security defenses. I do not know how much of that has been concentrated on the process-control side of their computer systems, but I would suspect that they would have some of the best protected control systems in the industry.

While this would make it more difficult to conduct a DOS style attack on Dow control systems, it would certainly not make such an attack impossible or even unreasonable. With the proliferation of control system vulnerabilities (particularly those favoring DOS attacks), I would be very surprised if a dedicated hacker couldn’t find a way to make it happen.

And don’t ever forget that in the hacker community the more difficult the target the more credit the successful hacker gets for their accomplishment. And the easier it will be for less skilled followers to use the same techniques on less well protected systems.

No comments:

/* Use this with templates/template-twocol.html */