
Energy industry ‘persistently’ vulnerable through internet connections to increased cyber espionage and sabotage attacks

April 16, 2019

Posted by: Anasia D'mello

Sami Ruohonen of F-Secure

A new report highlights that threat actors are advanced and persistent, but companies are using outdated systems and technology to save money. Poor security posture, prioritisation, and awareness are also gifts to attackers, it says.

Malicious actors are targeting critical national infrastructure (CNI) sites and energy distribution facilities at an exponentially growing rate. Interconnected systems in the energy industry increase vulnerabilities, and cyber attacks often go undetected for some time.

As energy companies save costs against the backdrop of lower oil prices, consolidating operations can weaken business resilience and redundancy levels. This gives rise to new, single critical points of failure, with any disruption across the supply chain potentially having increased consequences.

“Espionage and sabotage attacks against CNI organisations have increased over the years and I don’t think we have seen it all yet,” says Sami Ruohonen, labs threat researcher at Finnish cyber security company F-Secure.

Industrial Control Systems (ICS) are increasingly being connected to the internet, and a considerable number of the CNI systems in use today were built and installed before 24/7/365 internet connections became the norm and before the advent of Stuxnet. Many Operational Technology (OT) components have built-in remote operation capabilities, but are either partly or entirely lacking in security protocols such as authentication.

Moreover, cyber attacks were not a realistic threat when these systems were manufactured, and legacy protocols and systems never had the built-in security controls that we take for granted today. Transitioning these systems to the internet has opened them up to attacks from a myriad of angles.

“Critical Infrastructure due to its nature is an interesting target for a foreign nation-state, even during peacetime,” Ruohonen explains.

F-Secure’s report shows that:

While breaches are a certainty, Ruohonen advises organisations to review their cyber security posture and implement the latest technologies, such as an endpoint detection and response (EDR) solution.

“EDR is a quick way to tremendously increase capabilities to detect and respond to advanced threats and targeted attacks which might bypass traditional endpoint solutions,” he explains. “Managed EDR solutions can provide monitoring, alerting, and response to cover the needs 24/7. This means organisations’ IT teams can operate during business hours to review the detections while a specialised cybersecurity team takes care of the rest,” says Ruohonen.

The complete report is available here
