The energy industry is one of the most attractive targets for cyber threats, and companies in the sector must remain vigilant against rapidly evolving attacks. Internet connectivity in particular needs careful review: according to a new study, more than half of the IT systems examined are vulnerable.
Research by industrial cyber security specialists Dragos finds that electricity suppliers without sufficient protection at every level, typically because they lack dedicated security staff or budget, are exposed to cyber attacks. Their infrastructure contains devices that are directly connected to the Internet and can be broken into.
Additional data shows that 77 percent of energy sector network assets have "porous" boundaries between IT and OT systems, which means greater risk and more danger for the industry. This can negatively affect not only current operations but also the daily life of millions of people.
The reasons and motives for attacks on energy systems are numerous, according to Dragos. Some of them relate to the geopolitical situation and the armed conflicts ongoing in different parts of the world. In addition, active cybercriminal groups are constantly improving their techniques and organization. On top of this, a high degree of vulnerability in one country inevitably also affects the neighboring countries with which it trades.
Cyber attacks against the energy industry affect not only the operator's own business but also the customers it serves: businesses in other sectors as well as millions of citizens. These factors, combined with the critical nature of public utilities, make the sector's cyber landscape uniquely challenging.
As for specific threat groups targeting the energy sector across Europe, Dragos points to DYMALLOY, VANADINITE and XENOTIME.
Victims of attacks carried out by DYMALLOY include electricity companies as well as fuel suppliers. These industries increasingly run IT systems and operational technology infrastructure that are attractive to hostile interests, and the group's techniques are evolving rapidly, outpacing the measures taken by security teams in the energy sector.
Meanwhile, the VANADINITE group emerged in 2019, targeting energy companies as well as government departments. By exploiting vulnerabilities in externally facing network devices, the group gains access to entire networks and can bring companies to a standstill.
XENOTIME is an aggressive group that has been identified targeting midstream and downstream liquefied natural gas (LNG) facilities. According to Dragos, any kind of attack aimed at disrupting oil and natural gas operations in the North Sea can be expected from this group.
Ransomware is an especially common attack against critical infrastructure: it not only halts current operations but can also damage the organization's reputation and the trust of its users. Security teams must constantly evolve their strategies to ensure that all systems are patched and that attacks of every kind can be detected in time and neutralized.
When it comes to defending against cyber attacks, security teams in energy sector organizations can protect network access through several measures:
• Implement multi-factor authentication (MFA) for remote access;
• Monitor and hunt for open source tools known to have been used against industrial organizations, such as SSH.NET, MASSCAN and Impacket;
• Review the routing architecture between OT networks and external networks;
• Use the Crown Jewel Analysis (CJA) model, a top-down examination of physical and logical assets, data, and communication and control interfaces, to identify risks.
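As an added example (not from the article and not Dragos' own tooling), here is how the second recommendation, hunting for SSH.NET, MASSCAN and Impacket, can be turned into detection logic run over endpoint telemetry. The indicators are documented defaults of those tools: the service name BTOBTO installed by Impacket's smbexec.py, the loopback UNC output path with a "__"-prefixed file name used by wmiexec.py and smbexec.py, the Impacket example script names, the masscan binary name, and the Renci.SshNet.dll assembly that SSH.NET ships as. The event field names (command_line, service_name, image_loaded) are an assumption modelled on Sysmon-style process-creation, service-install and image-load records, and the sample events are constructed.

```python
"""Hunt for artifacts of attack tools named in the Dragos recommendations.

Added example. Field names and sample events are constructed assumptions
modelled on Sysmon-style endpoint telemetry, not a real log format.
"""
import re

# Each rule: (rule name, event field to inspect, compiled pattern).
RULES = [
    # Impacket example scripts invoked by name on an attacker box or jump host.
    ("impacket_script", "command_line",
     re.compile(r"\b(psexec|smbexec|wmiexec|atexec|dcomexec|secretsdump|ntlmrelayx)\.py\b", re.I)),
    # smbexec.py installs a service whose default name is BTOBTO.
    ("impacket_smbexec_service", "service_name", re.compile(r"^BTOBTO$")),
    # wmiexec.py / smbexec.py redirect command output to a UNC path on the
    # loopback address with a file name starting with two underscores.
    ("impacket_loopback_unc_output", "command_line",
     re.compile(r"\\\\127\.0\.0\.1\\(ADMIN|C)\$\\__", re.I)),
    # MASSCAN run from the command line (bare name or full path).
    ("masscan", "command_line",
     re.compile(r"(^|[\\/\s])masscan(\.exe)?(\s|$)", re.I)),
    # SSH.NET is distributed as Renci.SshNet.dll; loading it into an
    # unexpected process on an OT host is worth a closer look.
    ("sshnet_assembly", "image_loaded", re.compile(r"\\Renci\.SshNet\.dll$", re.I)),
]

# Constructed sample telemetry: two benign events and five tool artifacts.
SAMPLE_EVENTS = [
    {"host": "jump01", "event_type": "process_create",
     "command_line": r"C:\Program Files\PuTTY\putty.exe -ssh plc-hmi-02"},
    {"host": "otmgmt01", "event_type": "service_install", "service_name": "MSSQL$SCADA"},
    {"host": "hist01", "event_type": "service_install", "service_name": "BTOBTO"},
    {"host": "hist01", "event_type": "process_create",
     "command_line": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1700000000.12 2>&1"},
    {"host": "eng-lnx03", "event_type": "process_create",
     "command_line": "/usr/bin/masscan -p502,20000 10.20.0.0/16 --rate 1000"},
    {"host": "eng-lnx03", "event_type": "process_create",
     "command_line": "python3 secretsdump.py corp/svc_backup@dc01.corp.example -just-dc"},
    {"host": "hmi02", "event_type": "image_load", "process": "updater.exe",
     "image_loaded": r"C:\Users\operator\AppData\Local\Temp\Renci.SshNet.dll"},
]


def hunt(events):
    """Return one finding per (event, rule) match.

    Events are dicts; a rule is skipped for events that lack its field, so
    process-creation rules never fire on service-install records and vice versa.
    """
    findings = []
    for idx, event in enumerate(events):
        for name, field, pattern in RULES:
            value = event.get(field)
            if isinstance(value, str) and pattern.search(value):
                findings.append({
                    "event": idx,
                    "host": event.get("host", "?"),
                    "rule": name,
                    "field": field,
                    "value": value,
                })
    return findings


def hosts_with_findings(findings):
    """Sorted, de-duplicated list of hosts that produced at least one finding."""
    return sorted({f["host"] for f in findings})


if __name__ == "__main__":
    results = hunt(SAMPLE_EVENTS)
    for f in results:
        print(f"event {f['event']:>2}  {f['host']:<10} {f['rule']:<30} {f['field']}={f['value']}")
    print("hosts to triage:", ", ".join(hosts_with_findings(results)))
```

The rules deliberately key on tool defaults that an operator must go out of their way to change, so they are cheap to run over process-creation and service-install telemetry from engineering workstations and historians; a hit on an OT host is not proof of compromise, but each of the matched defaults has no routine business use there and should be triaged.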
As energy sector organizations continue to expand connectivity to improve efficiency, the challenges will only grow. Keeping energy infrastructure secure over the long term can be made easier by partnering with managed security service providers that specialize in these kinds of technologies and strategies.
Many of these providers offer comprehensive protection platforms that combine the functions of several security technologies and systems: antivirus and anti-malware protection, ransomware protection, e-mail security, backup management, and more.
Such functionality, combined with threat analysis and statistics and with supporting services, can give peace of mind and additional confidence in an organization's security strategy.