Page 76 - Cyber Defense eMagazine April 2021 Edition
P. 76
The Cyber Risk
Energy companies are known to be top targets for malicious actors—particularly those of the
state-sponsored and “hacktivist” varieties. Outdated software at any level or layer of the ETRM solution
architecture presents a security vulnerability that these cyber threat actors will seek to exploit. Oftentimes,
older applications are incompatible with the latest, most secure operating system (OS), database (DB), and
runtime software so these key components also can’t be upgraded. A greater number of older components
increase the potential attack surface, and the more aged they are means there are more known exploits
available to any would-be hacker.
This software patching “log jam” created by an out-of-date application results in situations like:
• Running older versions of Java, the .NET framework, etc.
• Using past versions of an SQL server or Oracle databases.
• Hosting the application and database on obsolete versions of Windows or Linux.
In more extreme cases, this situation can spiral out to middleware software, custom integration, and
touchpoints with third parties such as price data and measurement services. Custom code can be at an
increased risk for exploits like credential stuffing or SQL injection, among others. Taken together, these gaps
can leave your IT systems exposed to dozens, if not hundreds, of potential cyber exploits. It’s not just about
malicious actors gaining access to sensitive trading data, or that they could take a critical commercial and risk
system offline, but that the ETRM can be used as a platform to attack other assets on the business network.
Mitigating Actions
The obvious answer is to upgrade the ETRM system, but it can be challenging and time-consuming to build
a benefits case, gain approval, and secure funding for a large project. While an organization considers the
longer-term prospects of an upgrade or potential re-platforming initiative, below are steps that can be taken
immediately to reduce the risk of a cyber incident.
• Apply the latest versions and patches of the OS and DB that are compatible with the ETRM
vendor’s software—same for components and frameworks like Java and .NET.
• Harden your DB and application servers by removing unnecessary components and access, closing
ports, limiting RDP/SSH to whitelisted IP addresses only, etc.
• Run vulnerability scans on your ETRM system’s servers and remediate identified issues by
priority.
• Use secure connections running current cryptographic protocols such as TLS (Transport Layer Securi-
ty)—note that SSL has been deprecated due to known vulnerabilities.
• Consider enabling data encryption in-transit and at rest (either in the DB or storage layer) where feasible.
• Conduct static and/or dynamic code analysis on all custom interfaces and components and
remediate security defects by severity.
• Ensure that end-point protection is in place for all devices from the end-user’s system, through remote
access like Terminal Server or Citrix, to the middle tier and database servers of the ETRM itself.
• Enable logging and leverage a SIEM (Security Information and Event Management) solution to detect
unusual activity and provide early warning of a potential breach.
• Segment the network to put legacy systems in their own “box” where access to/from can be
limited to those individuals and systems that truly have a need.
76 Cyber Defense eMagazine – April 2021 Edition
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.