
Critical security concerns facing the energy & utility industry

A perfect storm of technical & human vulnerabilities

Global dependence on utility companies, and their wide use, makes the system highly vulnerable to both natural and human-made disasters. This industry is an especially attractive target for state-sponsored groups and cybercrime gangs, who often launch attacks for political and extortion reasons.

Stuxnet is an infamous example — perhaps the granddaddy of critical infrastructure attacks — and is often seen as a primer for those to come. Stuxnet was a computer worm that infected the centrifuges within an Iranian nuclear plant. At the time, control units were not connected to any external system like the internet. Once installed, the worm wreaked havoc, destroyed the centrifuges and shut down operations. 

Stuxnet attacked a contained system, allegedly using a USB middleman to implant the malware. But modern industrial systems are, at least in part, internet-enabled. New malware strains like Triton are designed specifically to target industrial control systems (ICS) to cause damage or shut them down. And with more open systems, the middleman role of malware infection just got a whole lot easier.

It is on this chilling note that we turn to the top security concerns facing energy and utility providers today.

Challenge 1: Securing critical infrastructure & the grid 

Critical infrastructures are not only the way we keep the lights on: they also play an intrinsic role in our economy. Our energy and utility critical infrastructures are experiencing a profound shift towards the use of smarter technologies to counter the increase in resource requirements of a burgeoning global population. 

Operational Technologies (OT), such as Industrial Control Systems (ICS) and SCADA, are increasingly targeted as they become more connected to wider networks. A Kaspersky report into challenges experienced when OT and IT merge found that a major problem was in (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/YwVZngNCuhI/