Cyber attacks on nuclear power plants, oil and gas producers, and the power grid, are increasing at an alarming rate. These attacks are enabled because many of the control system computers used by the energy industry are accessible by the Internet.
According to a blog article at WSJ.com, “Internet-based attacks on critical U.S. energy infrastructure are occurring at a greater rate than previously understood, according to a new government report. The report, issued by a cyber security team that operates within the Department of Homeland Security, found that thousands of control systems used in critical infrastructure are linked directly to the Internet and are vulnerable to attack by viruses and other malware. In the fiscal year that ended September 30, 2012, companies reported 198 cyber incidents to the DHS’s Industrial Control Systems Cyber Emergency Response Team, more than 40% of which were directed against companies operating in the energy sector. The team “has been tracking threats and responding to intrusions into infrastructure such as oil and natural gas pipelines and electric power organizations at an alarming rate,” according to the report.”
Most of these attacks are committed by nation states to gather information on the technology and the proprietary data stored in both the business systems as well as the control systems of the energy sector companies. But a few of the attacks, including the Stuxnet attack on Iran’s nuclear facility, have been to commit a destructive act on the operations of the infrastructure used by this industry. Or to place malware into the site’s networks for future use, sometimes combined with a “back-door” malware to allow easy access when needed.
I suspect the alarming rate of increase of cyber threats in this sector is caused by two factors. First, there are very good “exploit kits”, preprogrammed malware and attack tools, that allow fairly inexperienced hackers to attack such a site; and second, the energy sector does not share infrastructure information with government cyber security organizations(who could help them), such as Homeland Security because they want to protect proprietary information they feel could be obtained from the government by competitors. See Internet Security: Do you like sitting in the dark? for more information on this subject.
Reference: WSJ.com article
Be very careful…it’s dangerous out there.
Please comment on this article; we all learn from each other when our views and opinions are shared.
I hope you enjoyed this article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.
Remember, personal computing is a blast…keep it productive and enjoyable.
I’m also on Twitter, @PaulsInternet.
Images courtesy of FreeDigitalPhotos.net and FreeByte.com