Think cyber security is a 21 st century problem? Think again.
May 26, 2015
Think cyber security is a 21st century problem? Think again.
For years, we’ve worried about hackers or malicious software gaining access to our personal information and corporate data.
But only recently have businesses begun taking these threats seriously.
The number of cyber attacks is
increasing exponentially, particularly
in businesses responsible for creating
and maintaining critical
infrastructure.
In late 2009, targeted cyber attacks labeled Night Dragon were conducted against
global oil, gas and petrochemical companies. The attacks used social engineering
methods like spear phishing and took advantage of vulnerabilities in Microsoft
Windows and Microsoft Active Directory to gain access to confidential systems. Once
inside, hackers used remote administration tools (RATs) to control the systems and
harvest sensitive, confidential information.
Through the attacks,
companies in the oil and gas
industry learned that they too
are vulnerable to the types of
attacks that those in the
consumer sector have faced
for years.
In response to this surge of illegal
activity, the United States Department of
Homeland Security created ICS-CERT,
which records cyber security incidents
and aims to develop solutions for
demonstrated vulnerabilities in industrial
systems.
ICS-CERT: Industrial Control Systems Cyber Emergency Response System
According to ICS CERT’s quarterly newsletter The Monitor, a whopping
40% of the cyber-attacks reported in 2012 targeted the energy industry. Saudi Aramco: a disgruntled insider used
Shamoon malware to target and take down some 30,000 work stations.
Televent Canada: hackers breached internal firewalls and security systems, gaining access to OASySA SCADA information that could be used in future attacks on industry control systems.
RasGas Co: a targeted assault used a virus to shut down the company’s website and email servers
JP Morgan Chase & Co. and Wells Fargo: distributed denial of service (DDoS) attacks took down the websites of national banks and disrupted customer transactions for hours.
Of the cyber incidents of 2012, many targeted notable oil and gas companies:
In light of the rise in cyber attacks, people in power are starting to pay attention:
“The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the nation’s critical infrastructure in the face of such threats.”
-President Barack Obama
In February, President Barack Obama signed an executive order with the goal of preventing cyber security attacks.
As the federal government takes action, ABI Research estimates that cyber security spending on oil and gas critical infrastructure will reach $1.87 billion by 2018.
Unfortunately, we have adopted technology faster than we can adapt to it.
Hackers have the ability to search YouTube for information on how to access this technology, and they can even access step-by-step instructions for bringing infrastructures down.
So what can your company do about it?
You must be aware of potential threats to your business and put mitigating factors in place. And someone must continually monitor and update your systems in order to react to the data you collect.
It starts with being prepared.
Now is the time to stop being reactive and start being proactive.
You must first identify vulnerabilities to develop fit-for-purpose solutions.
Cyber security strategies are complex and multi-layered. In the defense-in-depth approach, security is like an onion with your
data at the center and surrounded by radiating layers of protection.
defense-in-depth protects your Data at its core and includes protective measures in each of the following layers:
• Application• Host security
• Internal network• Perimeter• Physical
• Policies and procedures
Download our brief on cyber security! Learn more about Industrial Cyber Security at
CIMATION.COM/CONTACT-US