It was 5 p.m. on a June Saturday a few years back when a major U.S. auto manufacturer suffered an attack by the Slammer worm.
A SQL patch was available for the previous six months but they had not yet applied it to their systems. The system is running fine, they probably thought, so why apply a patch? The worm was efficient and quick. It ultimately ended up slithering its way into 17 of the manufacturer’s plants, and it took eight hours to contain the worm.
In eight hours, that worm cost the auto maker $150 million.
The Slammer worm hit years ago and did serious damage; Stuxnet hit just last year and brought down a nuclear facility. Those event will continue and one way to help protect your plant is to arm yourself with as much knowledge as possible.
That is also where the Repository of Industrial Security Incidents (RISI) from the Security Incidents Organization (www.securityincidents.org) comes into play. Through the organization, it is possible to obtain reports and learn from what has happened and apply thorough analysis.
In the case of the auto maker, limited infrastructure firewalls did nothing to prevent the spread. Ultimately, IT had to detach the unprotected telecom infrastructure which appeared to be the primary mode of spread between plants.
In the end, the manufacturer had to rebuild more than 1,000 computers and they had to conduct an audit of all plants for external unwatched/unprotected data connections. One plant alone had over 400 violations. They conducted security awareness training in all plants.
The Slammer worm has quite a reputation and is now in the trophy case of historic cyber events, but that incident just goes to show how quickly and how expensive any type of cyber event could be.
If you would like full membership to the Security Incidents Organization at a discounted price, then click here through ISSSource.com. As a member of the organization, you can access various valuable reports.