Countdown to Energy Cyber Security Event beginsby Daniel Canty on May 8, 2012
Upstream operations are seriously exposed and under threat from a new generation of cyber attackers. Local and international help is at hand. Find out more ahead of the Abu Dhabi International Cyber Security Forum later this month
Oil & Gas senior executives and technology experts in the field of cyber security are coming together in an unprecedented way in Abu Dhabi this month to address the critical infrastructure threats and countermeasures surrounding modern oil and gas companies.
The Cyber Security International Forum for Energy and Utilities was created to share first hand knowledge and experience of international cyber security organizations who are leaders in the Middle East market, as well as to showcase the realism associated with (in)secure data and problematic issues associated control systems within energy companies.
Raising awareness about the necessity of securing data in the age of general internet accessibility is the hot topic of 21st century’s fast and mostly unpredictable technical development.
The protection of critical national infrastructures has long been a serious concern to Governments in this region and, as a recent attacks on Iran’s oil and nuclear systems demonstrates, is no longer limited to the physical security of important assets.
The scope of motivation potentially behind a cyber-attack on a nation’s energy infrastructure is a broad remit. “At the forefront of popular consciousness are of course other nation states, criminals, terrorists, hackers and even disgruntled employees,” explains Justin Lowe, a smart energy expert at PA Consulting Group.
“This makes cyber attacks difficult to defend against because the attacker could be located anywhere in the world, and could even be internal to the impacted organisation,” he adds.
Given the widespread use of interconnected networks and control systems in national oil, gas, power, water and electricity sectors, there is a very real need to enhance their cyber security given the ever increasing number of international attacks.
It has been reported that there was more than a 40% increase across the Middle East in computers infected by malware in 2010. The threat of such viruses was highlighted by the discovery that same year of the most sophisticated cyber attack to date, Stuxnet.
It was a vicious computer worm with highly specialised malware coded to target specific Supervisory Control and Data Acquisition (SCADA) systems and disrupt their operational activities but without the operators being aware of such changes.
“The cyber security threat to energy installations is surprisingly widespread, running across utilities and distribution networks to generation, refining, and even drilling and exploration.
Most security professionals now say that if you think you have not had your security breached then you just haven’t detected it,” says Professor Paul Dorey, director at CSO Confidential.
SCADA networks are widely used in all industrial sectors and provide essential services and commodities in a very efficient manner. However, they were originally designed to maximize functionality with little attention paid to security.
Consequently performance, reliability and safety of these highly complex and interconnected systems are invariably robust but the security is weak, making them vulnerable to disruption of service, process redirection or manipulation of operational data that could result in public safety concerns and even loss of life.
Article continues on next page ...