Oil and gas installations and processing facilities must address vulnerability in the face of a new digital threat.
The protection of critical national infrastructure has long been a serious concern to governments in this region, but an all-encompassing approach means achieving this is no longer limited to physical security. The widespread use of interconnected networks and control systems in the national oil, gas, power, water and electricity sectors means there is now a very real and growing need to enhance cyber security, highlighted by an ever-increasing number of international attacks.
Indeed, as a region responsible for much of the world’s energy, GCC countries are placing cyber defence as one of their priority areas for development. Saudi Arabia has plans to spend $3.3Bn on oil and gas infrastructure security and Qatar, Oman, Kuwait and the UAE are set to follow suit over the coming years.
“The cyber security threat to energy installations is surprisingly widespread, running across utilities and distribution networks to generation, refining, and even drilling and exploration. Most security professionals now say that if you think you have not had your security breached then you just haven’t detected it,” says Professor Paul Dorey, director at CSO Confidential.
“Wherever there is digital technology there is the potential of cyber threat. What can change between industry sectors is the nature of the motivation of attack. Basic utilities have less information of commercial value to steal than do exploration companies bidding for assets, however both have the potential to create widespread disruption if their operations are stopped or disrupted by attack on critical cyber systems such as Industrial control,” Dorey adds.
Governments and large corporations all over the world should be wary of a growing cyber menace in 2012 in particular, according to experts at Kaspersky Lab. Not only will there be a dramatic increase in the number of targeted attacks on state institutions and large companies, it is also likely that a wider range of organizations will bear the brunt of the expected onslaught.
“At the moment, the majority of incidents affect companies and state organizations involved in arms manufacturing, financial operations, or hi-tech and scientific research activities. In 2012 companies in the natural resource extraction, energy and transport industries will be affected, as well as information security companies,” warns Alexander Gostev, head of the global research and analysis team at Kaspersky Lab. Attacks will range over more of the world than ever before, spreading beyond Western Europe and the US and affecting Eastern Europe, the Middle East and South-East Asia.
It has been reported that there was more than a 40% increase across the Middle East in computers infected by malware in 2011. The threat of such viruses was highlighted by the discovery in 2010 of the most sophisticated cyber attack to date, Stuxnet. It was a vicious computer worm with highly specialised malware coded to target specific Supervisory Control and Data Acquisition (SCADA) systems and disrupt their operational activities but without the operators being aware of such changes.
“SCADA networks are widely used in all industrial sectors and provide essential services and commodities in a very efficient manner,” explains Dr Nick Coles, founder and organiser of the International Forum to discuss the cyber security of energy and utilities sectors in the Middle East.
“However, they were originally designed to maximize functionality with little attention paid to security. Consequently performance, reliability and safety of these highly complex and interconnected systems are invariably robust, but the security is weak, making them vulnerable to disruption of service, process redirection or manipulation of operational data that could result in public safety concerns and even loss of life,” adds Coles.
The management need for information and remote control in the modern energy business has led to the adoption of common network protocols and the connection of many of these SCADA and Industrial Control Systems (ICS) to the corporate network.
While these changes have resulted in business benefits they also have meant that control system security is even more prone to the same cyber threats faced by corporate networks.
The Stuxnet worm demonstrated that it can cause real damage to public safety, the economy and the environment. On the other hand, Stuxnet drew attention to the enhanced cyber security needs for ICS systems.
As a result of this Stuxnet attack, which had a profound influence on cyber security, countries have published national cyber strategies and programmes in order to regulate and clarify their security risks and threats. An example of intergovernmental cooperation is the recent US-EU joint cyber security exercise to defend against potential attacks.
The cyber threats are by no means limited to Stuxnet. The Night Dragon virus drew attention to the ability of such viruses to steal highly sensitive competitive information, from oil and gas companies especially, and such viruses are now being superseded by a new type of digital infection, the Advanced Persistent Threat (APT). These viruses can upload and propagate themselves into IT/ICS systems without any immediately noticeable effect and can collect intelligence data over a long period of time without detection.
The Night Dragon attacks work by methodical and progressive intrusions into the targeted infrastructure. Using several locations in China, Night Dragon attackers leveraged command and control servers on purchased hosted services in the United States and compromised servers in the Netherlands to wage attacks against global oil, gas, and petrochemical companies, as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the United States to acquire proprietary and highly confidential information.
The primary operational technique used by the attackers comprised a variety of hacker tools, including privately developed and customized RAT tools that provided complete remote administration capabilities to the attacker. RATs provide functions similar to Citrix or Microsoft Windows Terminal Services, allowing a remote individual to completely control the affected system.
Most recently, another new virus, Duqu, has appeared in the Middle East. It potentially differs from its predecessors in that it gathers intelligence data, such as design documents and assets from ICS systems, in order to plan for a future cyber attack.
If Stuxnet was a wake-up call for industry, then Duqu is further evidence of the severity of attacks. There is an exponential increase in cyber attacks from increasingly sophisticated malware. What is needed to combat such threats is robust yet simple-to-implement cyber security technology; sustained, consistent and updated education in this area; enhanced public-private partnerships; and well-thought-out cyber security standards that industry can easily follow in order to truly protect industry plants and assets.