Page 35 - index
P. 35
.$%0- 7"%0 %&%-1%1 - -$3120)!+ )+%,,! &.0 -%0'7
!-$ 2)+)2)%1
We have now entered the age of digital criminality in which well-organized and well-funded
criminal groups are using sophisticated cyber techniques to carry out theft, fraud, and
intrusion attacks on an unprecedented scale. Traditionally, cyber criminals have looked to
penetrate systems, gather information and leave with valuable data and intelligence.
However, a new wave of cyber-attacks have taken shape with the aim to target and take
control of critical operational infrastructure such as the electricity grid, water or gas supply
systems that have seen increased connectivity to corporate networks.
In fact, according to a report from the US Department of Homeland Security (DHS), there
was an enormous increase in the number of attempted cyber-attacks on the energy sector in
2013, with 53 per cent of cyber incidents handled by this department in the first half of 2013
in the Energy & Utility (E&U) sector. [1] These organizations must, therefore, react to the
modern cyber threat and elevate their cyber defences to protect both information and system
integrity.
An Evolving Threat
E&U companies are becoming increasingly automated in their processes, which has led to
new-found efficiencies in managing areas of critical infrastructures as well as new entry
points into those systems – a trend expected to increase over the next 10 years.
An early instance of this new vulnerability was seen with the Stuxnet computer worm in 2010
that attacked the industrial Programmable Logic Controllers (PLCs) - which allowed the
automation of electromechanical processes - of a nuclear facility in Iran. Stuxnet disrupted
industrial systems by causing the centrifuges to fail.
Since then other attacks on the energy sector have been seen around the world. In
December 2012, a Denial of Service (DOS) attack on a German renewable energy firm,
50Hertz, lasted five days and ensured that the organization’s internet communications
systems remained offline for the period. More recent attacks such as Shamoon, have shown
just how critical it is for organizations to protect their networks.
The larger and more diverse the organization, the greater the number of network
vulnerabilities for cyber attackers to exploit – and energy and utility companies are
particularly vulnerable. The size of the power grid makes it extremely susceptible to attack
from cyber criminals, and with every city having its own installation which feeds into the main
grid, attacks are even harder to detect. Needless to say, the integral nature of the grid to the
national infrastructure means that an attack has the potential to wreak havoc on a colossal
scale.
[1]
http://ics-cert.us-cert.gov/sites/default/files/ICS-CERT_Monitor_April-June2013.pdf
! " $
! # ! "
