Skip to Content

How to Damage a Chemical Plant over the Internet

A security researcher has worked out more than a dozen ways to remotely wreck the guts of industrial facilities.
August 7, 2015

Jason Larsen must be the only person trailing two waist-high metal drums connected with pipes around the conference rooms of Las Vegas casinos this week. He brought them to the Black Hat computer security conference Thursday. And at the Defcon hacking conference on Friday he planned to make one abruptly crumple like a giant beer can crushed by an invisible hand.

The loud demonstration is intended to underscore how vulnerable the guts of facilities like chemical plants or oil refineries are to expensive and life-threatening damage triggered over the Internet.

In recent years researchers have shown that thousands of industrial control systems are hooked up to the Internet with minimal or weak security (see “What Happened When One Man Pinged the Whole Internet”). Details have also emerged about the Stuxnet malware, which damaged equipment used in Iran’s nuclear program.

Urged on by governments, industrial companies have scrambled to improve the security of the computers that control their facilities, and the networks they are connected to. But Larsen, a researcher who works on industrial security at the company IOActive, says that many refineries and plants are still vulnerable. An attacker who evades the systems that detect and prevent digital incursions would most likely have free rein to tinker with the equipment inside, he says.

Working on behalf of industrial clients, Larsen has spent the last few years hacking into plants to show what an attackers might be able to do. He’s worked in the lab to cause what he calls “unexpected physics” inside pumps, pipes, boilers, and other equipment. So far he’s got a list of just over a dozen attacks, with names like “water hammer” and “bi-phase slug with piston effect,” that could cause significant damage and even kill people if a hacker set them in motion.

A water hammer, for example, involves setting up a flow of liquid and then suddenly closing a valve. When all the moving liquid is suddenly forced to stop, the inertia can cause pipes to blow out (it’s also why turning off a faucet can sometimes trigger thuds from a house’s plumbing). Larsen’s other attacks include tricks like causing chemical reactions to take place in pipes rather than in the reaction vessels designed to hold them. He can also use temperature and pressure changes to fire plugs of liquid at high velocity or crumple vessels like the one he planned to squish in Vegas.

Larsen is convinced that as things stand today, many critical facilities need better protection. They are engineered with safety in mind in case of accidents, but not in case of attacks over the Internet. But the good news is that defending them is not an impossible task. Accessing a plant over the Internet takes a long period of probing and experimental tinkering with its pumps and valves to understand how some unexpected physics might be set off, he says. That should provide plenty of opportunity to detect an intrusion. Adding extra release valves and other physical safety mechanisms on top of existing ones shouldn’t be prohibitively expensive, he adds.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.