Operations personnel at many energy companies feel the pressure of achieving compliance with the NERC CIP standards. Some worry that they are not aware of the problems and security incidents that...
Protecting critical assets in a hazardous world.
When it comes to threats against SCADA systems, energy industry organizations can distinguish between two classes: threats posed by unauthorized access to the software system, whether through direct human interference or through malware infections that degrade the software's behavior, and threats posed by network access to the segments that host SCADA devices. The latter is the more dangerous of the two, because an intruder who can reach a controller on the network can send it crafted packets that the device will treat as legitimate commands, effectively taking control of the process it manages.
Any of these threats can shut down the SCADA system outright, resulting in a direct or indirect threat to public health and safety.
When it comes to the motives that drive cyber attacks, it’s important to understand the different types of hackers.
Leisure hackers want to prove to the world that they can break into a protected network or server, and it doesn't matter to them whether the network is operated by an industrial, commercial, or government organization. It is about bragging rights rather than exploiting the victims for material gain. This group represents by far the least serious threat to the energy infrastructure.
Next up the ladder are individuals who want to bring about environmental or social change and therefore target specific networks to advance their particular agenda. For instance, anti-nuclear activists could attempt to disrupt the operation of a nuclear power plant to create fear among citizens and leverage the unfavorable media coverage for their own purposes. With the radicalization of activist movements in recent years, this group represents a serious threat to the energy infrastructure.
The next level, organized cyber criminals, always follow the money trail, and they have focused their attention on cyberspace because it lets them cash in with limited risk of getting caught. While organized crime leans toward exploiting vulnerabilities that expose personally identifiable information, which can then be used for fraud, these groups could also target the energy industry, either to manipulate the stock market or to demand a ransom in exchange for not harming critical infrastructure. Targets of such extortion have tended to keep the incidents quiet to avoid encouraging copycats.
Terrorist networks pose an even greater threat. The killing of al-Qaeda leader and founder Osama bin Laden and subsequent release of intelligence data illustrated how sophisticated terrorist networks are, and that cyber warfare is not unknown to them. Considering the fatal consequences a rapid shutdown of a nuclear plant could have for a whole region, such infrastructure presents a desirable target for terrorist networks.
Finally, state-sponsored attackers have a variety of possible motivations: commercial, military, tactical, and strategic. Internet security experts, Western governments, and corporate America believe that the majority of cyber attacks originate from state actors, in particular from countries such as China and North Korea. In February 2011, a campaign against several multinational energy firms, dubbed "Night Dragon," was publicly disclosed. 5 The intrusions were traced back to China via a server leasing company in Shandong Province that hosted the malware and to a Beijing IP address. Further, according to U.S. diplomatic cables released by Wikileaks, 6 U.S. officials believe that attacks on Google were devised by two members of China's