As we saw in this chapter, a total system compromise can be a single vulnerability away. Playing out a scenario as presented here, where a single hole in the security leads to a targeted manipulations of temperatures, used in the PID loop that controls the steam supply of a digester with the purpose to cause a meltdown is a very hard thing to pull off. I takes skill, preparation, a deep understanding of ICS technologies in general and familiarity with the targeted ICS. More common consequences of Mark having a computer with a Java vulnerability going to a compromised website are drive-by downloads of malware like ransomware that will encrypt the victim's computer or every computer on the victim's network. Also a devastating event with a high potential for production downtime and revenue loss that an ICS should be protected against.
In the next chapter we are going to discuss how hacker techniques like these are used for good as well, within risk assessments.