Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Destructive Attacks On Oil And Gas Industry A Wake-Up Call

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 26 Sep 2013 07:31:08 +0000 (UTC)
http://www.darkreading.com/attacks-breaches/destructive-attacks-on-oil-and-gas-indus/240161700

By Kelly Jackson Higgins
Dark Reading
September 23, 2013
Some 30,000 or so hard drives were scrapped and replaced with new ones last year on Saudi Aramco's internal corporate network after a massive cyberattack destroyed data on the oil and natural gas company's Windows machines. While the massive attack didn't directly affect Saudi Aramco's oil production and exploration systems, it raised the stakes for the increasingly targeted oil and gas industry and also raised concerns of possible market fallout from such attacks.
The oil and gas industry today is in the bull's eye of nation-states, hacktivists, and even cybercriminals, and, like other energy sectors, its industrial control systems are about a decade behind the security curve of the traditional IT environment. While Saudi Aramco said the attack was isolated to its corporate network and didn't directly affect its hydrocarbon exploration and production systems -- which run on isolated networks -- the reality is that a successful cyberattack could have ripple effects and ultimately result in real-world economic consequences in the oil and gas markets, security and oil and gas industry experts say. It could either directly or indirectly disrupt production, competition, and, ultimately, prices at the pump, they say.
If Stuxnet were the tipping point for ICS/SCADA attacks, then the data-destruction attacks on Saudi Aramco and on Qatar's RasGas gas company last year represent a major shift from cyberspying on oil and gas companies to more widespread destruction of their operations.
"I wonder if that's their Estonia moment," says Richard Bejtlich, CSO at incident response provider Mandiant, who says his company has been getting more inquiries from Middle East organizations lately. "We're moving beyond the stage of, 'This is a problem, and how do we fix it?'" 

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
Previous By Date Next
Previous By Thread Next

Current thread: