Physically Hacking SCADA — Cyber-Physical Attack Chains
Research on cyber-physical attack chains against SCADA systems, demonstrating how digital compromises produce physical-layer effects.
AFFECTED
SCADA / Industrial Control Systems
SEVERITY
Critical
SUMMARY
Research on cyber-physical attack chains against SCADA systems — covered by The Register in 2018 — demonstrating how compromises in the digital control plane translate into measurable physical-layer effects in industrial environments. Part of the broader cyber-physical research arc that culminated in the DefCon ICS Killswitch presentations.
DETAIL
SCADA — supervisory control and data acquisition — is the layer where the cyber-physical boundary is operationally crossed every day. The control commands that move physical actuators originate in software, which means software compromise has direct physical consequence whenever the upstream defences fail. The 2018 research, covered by The Register, walked through the specific attack chains where a digital intrusion produced measurable physical effects in a controlled test environment.
[TODO(matthew): Replace this paragraph with the specific demonstration — the test environment, the attack chain, the physical outcome, and the controls that broke the chain. Add CVE references if any were assigned.]
The research informed subsequent defensive architecture work in industrial environments and provided the foundation for the ICS Killswitch programme presented at DefCon in 2017 and 2018. The framing it pushed — that cyber-physical risk is not a future concern but a present, measurable reality — has since become consensus in OT security guidance, though field-level implementation still lags the consensus position.
Need this kind of research for your organisation?
Atumcell runs targeted vulnerability research, OT/ICS assessments, and adversary simulation for organisations where the consequences of compromise are categorically different from IT.
MORE ON THESE TOPICS
Or learn more about full advisory engagements.
OTHER.RESEARCH
Progress MoveIt Transfer — Vulnerability Disclosure
Atumcell-discovered weakness in Progress Software's MoveIt Transfer file-transfer product, coordinated with the vendor and publicly disclosed.
Zoho Desk — Vulnerability Disclosure
Atumcell-discovered weakness in Zoho's Desk help-desk product, disclosed to the vendor and reported alongside the MoveIt Transfer finding.
N-able Workgroup Guideline — Security Risk to MSPs
Research finding that N-able's published workgroup guideline created a meaningful exposure for managed service providers and their downstream clients.