Security professionals working together to defend against rising cyber threats in energy
The idea of cyber-attacks causing severe physical damage to power plants and oil refineries is no longer a hypothetical for the screenplays; in today’s world, it’s the subject of real news headlines.Cyber attackers are targeting energy and oil and gas organisations like never before, and the need for better industrial cybersecurity is real.
In a recent Tripwire survey, 70% of security professionals in the energy industry said they are concerned that a successful cyberattack could cause a catastrophic failure, such as an explosion, says Tim Erlin is VP of Product Management & Strategy at Tripwire.
In the past, energy organisations and other industrial operators only had to worry about physical security. Now that most industrial control systems (ICS) are connected to the Internet, the energy industry needs to pay attention to new cyber threats. We commonly hear about hackers breaking into computer systems to steal data, typically for financial gain. With critical infrastructure, however, cyberattacks can disrupt critical operations, damage physical equipment and even cause loss of life. We’re seeing more and more real-life examples of this.
In a recent historical moment, the FBI and Department of Homeland Security issued a joint report describing a massive Russian hacking campaign to infiltrate America’s critical infrastructure. In a first, the US government publicly blamed Russia’s government for attacks on energy infrastructure.
We’ve also seen discoveries like Triton (aka Trisis), which shut down a Saudi petrochemical plant last year and is believed to have been designed to cause an explosion. Six months before that came Industroyer, modular malware which can take down ICS systems by speaking to industrial communication protocols and deploying wiper malware.
Responding to the threat
In Tripwire’s survey of security professionals in the energy industry, 59% said their companies increased security investments because of ICS-targeted attacks like Trisis/Triton, Industroyer/CrashOverride and Stuxnet. However, many feel they still don’t have the proper level of investment to meet ICS security goals.
More than half (56% ) of respondents to Tripwire’s survey felt it would take a significant attack to get their companies to invest in security properly. This may be why just 35% of participants are taking a multilayered approach to ICS security – widely recognised as a best practice. 34% said they were focusing primarily on network security and 14% on ICS device security.
The other challenge in industrial cybersecurity is organisational: the longstanding divide between information technology (IT) and operational technology (OT) teams. According to the Tripwire survey, however, 73% of participants said that their IT and OT teams are working better together now than compared to the past.
Organisations are realising they have no choice but to get their teams to work together as the threat of attack continues to rise. In the survey, IT and OT teams were aligned on what could happen if they don’t get industrial security right, such as operational shutdown and the safety of their employees.
While collaboration is certainly improving, most of our survey respondents suggested that IT still leads the initiative. When asked whether IT or OT teams were taking the lead on ICS security needs, 50% of total participants said IT, 35% said its evenly shared between […]