Industrial Control System Security, Medical Devices, and Hidden Cyber Threats

Hacked pacemakers, insulin pumps, connected cars, industrial plants, satellites, and power grids have all been targeted by cyber‑attacks. For years, researchers have warned that malicious actors could weaponize these systems to harm or kill people, often showcasing dramatic proof‑of‑concepts.

While headline‑grabber stories attract attention, they can mask the everyday threats posed by legacy software, unpatched operating systems, misconfigured networks, and outdated firmware. These commonplace vulnerabilities remain the most common entry points for attackers.

Industrial Control Systems (ICS) are integral to everything from satellite guidance to oil‑and‑gas pipelines to factory automation. Historical incidents—though often difficult to verify—suggest that sabotage has disrupted critical infrastructure for decades. For example, Thomas C. Reed, former Air Force Secretary, alleges that Trojan malware was used on equipment controlling a Trans‑Siberian gas pipeline, causing a massive explosion (Reed, “At the Abyss”).

Internet of Things World—the convergence of industry and IoT innovation. Secure your conference pass and save $350 for a free expo pass, or view the IoT security speakers at the event.

Cyber‑attacks on connected industrial assets are now commonplace. Major vendors—IBM Managed Security Services, Kaspersky Lab, and others—have reported a surge in incidents. In March, Norsk Hydro, one of the world’s largest aluminium producers, experienced a cyber‑incident that disrupted production in both Europe and the United States.

To counter this threat, Siemens and TÜV SÜD have launched a joint initiative called “Digital Safety & Security Assessments.” “Attacks on operational technology can lead to shutdowns or worse,” said Leo Simonovich, Vice President and Global Head of Industrial Cyber & Digital Security at Siemens. “Unlike in IT, where data loss is the main concern, OT breaches can directly threaten people’s safety.” The partnership offers energy‑sector customers tools to assess and manage cyber risk.

Simonovich highlighted the Triton malware discovered by Dragos in a Saudi Arabian facility in 2017, noting that it was able to move from IT to OT and then to safety‑critical systems with relative ease. “The ease of that transition is what makes Triton so frightening,” he said.

These incidents illustrate a broader trend: while sensational “black‑hat” scenarios capture headlines, the more realistic threats stem from legacy malware such as Kwampirs (discovered in 2015) and Conficker (first identified in 2008). “Even seasoned experts admit that the simplest tools can still cause real harm,” said Stephanie Preston Domas, Vice President of Research & Development at MedSec.

The 2017 \"WannaCry\" ransomware attack—which Europol described as unprecedented—demonstrated how commodity malware can cripple both industrial and medical facilities. It infected roughly 200,000 computers worldwide, forced Nissan to halt production in the UK, and led to significant disruptions at Deutsche Bahn and other transport operators. The attack cost the UK National Health Service nearly £100 million and caused the cancellation of 19,000 appointments.

Similar exploits, such as \"NotPetya\", inflicted millions of dollars in damage on shipping giant Maersk and highlighted the risk of nation‑state tools leaking into the wild. Both WannaCry and NotPetya leveraged the EternalBlue exploit, originally developed by the U.S. National Security Agency. Recent investigations reveal that Chinese intelligence operatives have repurposed NSA‑derived tools for independent attacks.

“We need to move beyond the ‘bad guys’ narrative,” Domas argues. “When a cyber‑attack leads to patient harm, it is often accidental—a side effect of other system activities. The focus should be on mitigating everyday risks.”

Research on OT security echoes this sentiment. Simonovich notes that most breaches involve some degree of human error, and insider threats constitute the majority of attacks in the industrial sector.

Ultimately, protecting connected industrial and medical environments requires clear risk awareness. “Technology‑savvy professionals are increasingly aware, but many non‑technical staff remain oblivious,” said Domas. “Risk assessment and threat modeling must guide mitigation priorities because you cannot fix every vulnerability.”

Effective risk management involves prioritizing threats that pose the highest impact and likelihood, and implementing layered defenses—patch management, network segmentation, secure firmware updates, and robust incident response plans.