Anatomy of ICS Attacks
The potential of physical, financial and ecological damage, combined with the vulnerability of ICS networks and lack of visibility and control, makes ICS an attractive target. ICS attacks essentially amount to altering controller logic. The controller logic determines the process limit settings and the steps to prevent the process from reaching these limits (for example: never let the temperature go above 110 degrees).
If a malicious attempt is made to change a process control parameter (e.g. raise the temperature in a turbine to an unacceptable degree), the controller will prevent the change thus negating possible damage to equipment.
Unauthorized Activity/ Attack Scenario
If an attacker changes controller logic and removes these thresholds, the process can deviate from safe operating conditions. A more sophisticated, yet simple to code scenario would cause a controller not only to bypass thresholds, but also send back false data to HMIs and Historians.