Back in 1982, the CIA uncovered a plot by the Soviet Union to steal industrial software for controlling its rapidly expanding network of natural-gas pipelines. In response, the agency modified the software using malware designed to cripple the pipelines and then tricked the Soviets into stealing it.
This ruse turned out to be spectacularly successful. The Soviets installed the modified software—an industrial control system called SCADA—on a Siberian pipeline. After it operated normally for some months, the malware began closing safety valves, causing the pressure in the pipeline to rise beyond what the welds and joints could withstand. Eventually the pipeline exploded, causing “the most monumental non-nuclear explosion and fire ever seen from space,” according to the Washington Post, which reported the story in 2004.
This incident has gone down in history as the first example of a malware attack on an industrial control system. And it set the stage for a campaign of cyberattacks that shut down the phone system at the air traffic control center at the airport in Worcester, Massachusetts, in 1997; disabled safety systems at the Davis-Besse nuclear power plant in 2003; and destroyed centrifuges at the secret Iranian nuclear enrichment facility in 2010—to name a just a few incidents.