The energy industry, comprising oil, gas and chemical industries, public utilities (including nuclear, electric & coal), and renewable energies, is at constant risk from cyber attacks. Highly publicized attacks on the energy sector include Energetic Bear (using the Havex Trojan) and Icefog (using a backdoor dubbed Javafog). The energy sector is particularly vulnerable because it possesses valuable intellectual property and provides critical services that could be targeted by hacktivists or foreign state actors for sabotage purposes. With legacy systems built decades ago, the energy industry faces further challenges in adding cyber security measures to systems that were not built with cyber attacks in mind, and downtime for system upgrades is virtually impossible because of the critical nature of these systems.
Making matters worse, organizations continue to co-mingle their IT and operational technologies, causing diverse business segments to converge with one another. ERP systems are integrated into ICS and SCADA networks. Mobile networks are being used for signaling and data transmission on utility infrastructure. These innovations along with smart buildings and the Internet of Things (IoT) create new high-risk targets for cyberterrorists and thieves to attack.
What should be done to protect energy facilities against cyber attacks?
Focus on Vulnerability Management
No matter the attack vector, cybercriminals operate on the premise that vulnerabilities exist. Stay ahead of them with advanced solutions that cover all your systems without exception. Build a continuous, sustainable response to the ongoing threat and create a strong process with the most advanced tools on the market.
- Continually monitor and assess the complete scope of infrastructure assets
- Perform thorough analyses of the threatscape by employing both black-box and white-box analysis, including detailed security configuration checks
- Minimize time spent chasing false positives while ensuring a negligible rate of false negatives
- Stay ahead of emerging threats with a comprehensive knowledge base of benchmarks and vulnerabilities, continuously updated by leading security experts
- Connect risk controls to KPIs to measure how well they are protecting the business
- Focus on the data that is most important based on specific business needs
The Total System Vulnerability Check has a unique ability to provide in-depth security assessments of an all-in-one vulnerability management solution trusted by over 1,000 enterprises to create practical attack models, update and verify business risks and maintain security and compliance.
Secure Data Transfer
Portable media (such as USB drives, CDs/DVDs and mobile devices) is another way that cyber attackers can gain entry to a system: one of the ways the Stuxnet worm was spread was through an infected USB stick. Because of these risks, government regulations have been implemented, requiring these organizations to ensure that their facilities are protected against cyber attacks.
In order to comply with these regulations, which necessitate guarding against malware entering the organization in several ways, many public utilities have looked to kiosk solutions to provide stronger assurance that threats cannot enter the facility via USB drives, memory cards, or CDs/DVDs that employees and contractors bring in. The Secure Data Transfer Solution provides control over the data coming into a secure network by enabling configuration of multiple content filters based on file type, file size, anti-malware engine scan results and more. This allows public utilities to develop a workflow to protect their facilities and comply with federal regulations.
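The filter chain described above (file type, file size, anti-malware scan result) can be sketched as follows. This is an added example, not code from the Secure Data Transfer Solution; the names `evaluate`, `sniff_type` and `stub_scan`, the type tables and the test marker are hypothetical, and the scanner is a stand-in for a real engine.

```python
import os

# Constructed policy tables: types are identified by leading magic bytes.
MAGIC = {"pdf": b"%PDF-", "png": b"\x89PNG\r\n\x1a\n", "zip": b"PK\x03\x04"}
EXT_TO_TYPE = {".pdf": "pdf", ".png": "png", ".zip": "zip"}
TEST_MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # stand-in for a real detection


def stub_scan(data: bytes) -> bool:
    """Hypothetical scanner hook: True means clean. Replace with a real engine."""
    return TEST_MARKER not in data


def sniff_type(data: bytes):
    """Return the type name matching the file's leading bytes, or None."""
    for name, magic in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def evaluate(filename, data, allowed_types, max_bytes, scan=stub_scan):
    """Apply size, type and scan filters; return (allowed, reasons)."""
    reasons = []
    if len(data) > max_bytes:
        reasons.append("size exceeds limit")
    actual = sniff_type(data)
    if actual not in allowed_types:  # unknown content (None) is denied too
        reasons.append("file type not allowed")
    ext = os.path.splitext(filename)[1].lower()
    if actual is not None and EXT_TO_TYPE.get(ext) != actual:
        reasons.append("extension does not match content")
    try:
        clean = scan(data)
    except Exception:
        # Fail closed: a scanner error never admits a file.
        reasons.append("scan failed")
    else:
        if not clean:
            reasons.append("anti-malware scan flagged file")
    return (not reasons, reasons)


if __name__ == "__main__":
    samples = {  # constructed sample media contents
        "report.pdf": b"%PDF-1.7 constructed",
        "diagram.pdf": b"\x89PNG\r\n\x1a\n constructed",
        "update.pdf": b"MZ constructed",
    }
    for name, blob in samples.items():
        print(name, evaluate(name, blob, {"pdf", "png"}, 1024))
```

The type check reads the file's leading bytes rather than trusting its extension, so a renamed file is rejected, and any scanner failure denies the transfer instead of letting it through.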
Keeping Data Secure
Sensitive information must be segregated and encrypted. When sensitive data must be shared externally, a secure file transfer system must be used to ensure confidentiality and prevent data theft. For high-security environments, networks containing sensitive data are even entirely disconnected from the Internet and other networks, in so-called 'air-gapped networks.' Limited connectivity is possible using a cross-domain solution or data diode that enables one-way traffic only, from the lower security network to the higher security network. This ensures that, for productivity purposes, it is possible to connect to the Internet from the secure network; however, it is impossible for any data to leave the network. By implementing such measures, even if a cyber attack is successful, the data will always remain secure.