Protecting energy facilities from cyber attack


Energy companies are often targeted by sophisticated hackers looking to create disruption
across national economies. Although they are a challenge to protect, there are clear
procedures they can follow to both assess their risk and mitigate it.
By Eric J. Eifert, Sr. VP of Managed Security Services



Over the past few years we have witnessed a paradigm shift in cybercrime: attacks have moved
from focusing on stealing confidential information for gain and reputational damage, to
manipulating complex systems to produce real-world effects. Increasingly, industrial control
systems are linked to the wider internet. While this has increased efficiency, enabled the
collection and analysis of performance data and allowed remote maintenance, it has also left
systems vulnerable to malicious interference.

Oil and gas firms, which underpin the economy of the GCC, are exposed across the full
spectrum of cyber threat, from loss of intellectual property and loss of their reputation to
disruption of operations. While traditional threat actors (rivals, criminals and environmental
activists) persist, we’re seeing a concerning rise in sophisticated attacks against control systems
by state-sponsored agents.

The malware programme nicknamed Stuxnet (discovered in 2010), generally thought to be the
product of intelligence service cyber co-operation, targeted computers that controlled
centrifuges in a nuclear enrichment programme, altering their rotation speeds, causing the
centrifuges to tear themselves apart and producing a cascade of second-order effects. Ukraine
also suffered a multi-tiered attack on its energy facilities in December last year.

The Ukrainian CERT reported that in total eight facilities were attacked, ultimately leading to a
loss of power for 80,000 people in the middle of winter. Although most recovered their power
within three hours, after-shocks continued for days with power company employees having to
travel along ice-covered roads to remote sub-stations to manually close breakers the hackers
had opened remotely.

Most sinisterly, the attack was multi-pronged; opening of breakers was accompanied by
spoofing of monitoring systems and a distributed denial of service attack on helplines, all
designed to systematically prevent the Ukrainian authorities from resuming control. Although no
one has claimed responsibility for the attack, one company did manage to trace it to an ISP
operated in Russia.

Energy companies are particularly vulnerable to this type of attack because of the sheer
complexity of their infrastructure and their intersection with third party suppliers and contractors
over whom they may have little control. Energy is a strategic target for malicious actors, as
power interruptions, even if minor, can cause a cascade of secondary consequences which may
cause longer term chaos.


Cyber Warnings E-Magazine – March 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide