The threat to the safety of industrial processes from breaches in the security of safety critical electronic control systems has been identified. Such breaches can result either from targeted malicious attacks or from exposure to the wide range of threats (e.g. viruses) ever present in an open environment such as the Internet. The increasing use of common, open operating systems, combined with wireless networking and greater inter-connectivity of process control, safety-related systems and business management or external networks (including of course the Internet) is leading to the likely occurrence of such problems increasing markedly.
Some observers believe that the number of security incidents is rapidly increasing although few of these, to date, have led to actual hazardous events.
Attacks by hackers, disgruntled employees, criminals etc. are commonplace but are to date mostly being directed at activities such as spamming or denial of service or for monetary gain involving identity theft, fraud, extortion and the like. However, the same methods by which these attacks are carried out can readily be adopted to seriously disrupt processes and services in a way which could lead to major health and safety risks for operators and the public. This is recognised e.g. in a recent briefing note (17/10/2005) from the government's "National Infrastructure Security Co-ordination Centre" (NISCC), which points to the threat to Critical National Infrastructure (transport, energy etc.) from "botnets". These are networks of "robot" programs, which have covertly infected victims' computers and which can then be used in combination, for malicious purposes.