IT (Information Technology) cares about data confidentiality. OT (Operational Technology) cares about safety and availability. If you patch a server and it reboots, that's fine in IT. In OT, that reboot might cause a gas pipeline to overpressure and explode.
Stuxnet
The most famous cyberweapon in history.
Target: Iranian nuclear centrifuges.
Payload: Changed the PLC code to spin the centrifuges too fast, while telling the monitoring station "Everything is fine".
Lesson: Air-gaps (disconnected networks) are not enough (USB sticks bridge the gap).
1. Protocols (Modbus & DNP3)
These protocols were designed in the 70s.
Modbus TCP:
It has NO authentication.
Anyone who can reach the PLC on the network can send a write request such as "Turn Valve ON", and the PLC will execute it.
The only protection is keeping the network private.
2. PLC Hacking
A PLC (Programmable Logic Controller) is the rugged computer that controls the robot arm.
Attacks involve:
1. Finding the PLC (Shodan / Nmap `port:502`).
2. Uploading malicious "Ladder Logic" code.
3. Creating a "Logic Bomb" (e.g., wait until 2 AM, then shut down cooling).
3. Triton (Safety Systems)
In 2017, hackers targeted a Saudi petrochemical plant.
They didn't target the control system. They targeted the Safety Instrumented System (SIS). This is the "Emergency Stop" button.
By disabling the safety system, they prepared for a future attack that would cause physical destruction without a failsafe.
The Purdue Model
Security by segmentation.
Level 4: Enterprise Network (Email, Internet).
Level 3: DMZ (Historian servers).
Level 2: Control Center (HMI).
Level 1/0: PLCs and Sensors.
Traffic should never flow from Level 4 directly to Level 1.
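The two points above fit together: Modbus cannot authenticate a write, so the only enforceable control is which hosts may send one, and the Purdue rule says those hosts live at Level 2, never Level 4. The following is an added example, not code from the page: a minimal Modbus/TCP request parser and a write audit over constructed sample frames; the IP addresses and the allow-list are assumptions.

```python
import struct
from dataclasses import dataclass

# Modbus function codes that change process state (write requests).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

@dataclass
class ModbusRequest:
    src: str             # IP of the TCP client that sent the frame
    transaction_id: int
    unit_id: int
    function: int
    address: int         # first coil/register the request touches
    value: int           # value (FC 5/6) or quantity (FC 3/15/16)

def parse_request(src: str, frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP request: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 12:
        raise ValueError("frame too short for MBAP header plus 4-byte PDU body")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus" % proto)
    if length != len(frame) - 6:      # length field covers unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    address, value = struct.unpack(">HH", frame[8:12])
    return ModbusRequest(src, tid, unit, frame[7], address, value)

def audit_writes(frames, allowed_writers):
    """Alert on every write request whose source is not an approved writer.
    The protocol cannot refuse a write itself; the only enforceable policy is
    which hosts (e.g. the Level 2 HMI) may send one."""
    alerts = []
    for src, raw in frames:
        req = parse_request(src, raw)
        if req.function in WRITE_FUNCTIONS and req.src not in allowed_writers:
            state = ""
            if req.function == 5:         # 0xFF00 = coil ON, 0x0000 = coil OFF
                state = " -> %s" % ("ON" if req.value == 0xFF00 else "OFF")
            alerts.append("%s sent %s to unit %d addr %d%s" % (
                req.src, WRITE_FUNCTIONS[req.function], req.unit_id, req.address, state))
    return alerts

# Constructed sample traffic (not a real capture): (source IP, raw TCP payload).
SAMPLE_FRAMES = [
    ("10.2.0.5",  bytes.fromhex("00010000000601030000000a")),  # HMI reads 10 registers
    ("10.2.0.5",  bytes.fromhex("00020000000601050010ff00")),  # HMI sets coil 16 ON
    ("10.4.0.77", bytes.fromhex("00030000000601050010ff00")),  # Level 4 host sets coil 16 ON
]
ALLOWED_WRITERS = {"10.2.0.5"}   # hypothetical Level 2 HMI address
```

Run `audit_writes(SAMPLE_FRAMES, ALLOWED_WRITERS)`: the HMI's read and write pass silently, and the identical write from the Level 4 host is the one alert.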