CONNECTING THE DEFENCE COMMUNITY WITH INSIGHT, INTELLIGENCE & OPPORTUNITIES

Officially Supported By: Defence Contracts International Supply2Defence

Official Media Partners for:

Writing for Defence Online, Jerry Askar, Managing Director Middle East, Levant & Africa, Certes Networks, examines the importance of protecting the data networks of the utilities sector.

As automation continues to evolve, the utilities sector is finding that encryption of their network data is a critical to safeguard against cyber-attacks.  And, as organisations across the globe continue to prioritise cybersecurity, the threat landscape continues to expand.  Although good progress is being made, it is evident that critical network vulnerabilities are still being left unprotected.  

This is particularly the case in the oil and gas sector, which is the latest to enter the cyber security spotlight according to the latest threat report by security firm Dragos that highlighted that the sector is a valuable target for adversaries seeking to exploit industrial control systems (ICS) environments. The report revealed a new activity group targeting the industry, bringing the total number of tracked ICS-targeted activity groups to nine, five of which directly target oil and gas organisations. What’s more, the increased deployment of automation within the oil and gas industry to manage costs, extract the most value from current assets and maximise up-time, only causes the threats to ICS and supervisory control and data acquisition (SCADA) networks to rise.  

The threat is clearly high, as are the potential consequences of a cyber-attack on this sector. An attack on an oil or gas organisation would not only have severe political and economic impacts, but it would also have a direct effect on civilian lives and infrastructure. Much of how the population lives and works is dependent upon the energy from oil and gas production, from communication, the use of electronic devices and appliances, and even heating, cooling and cooking. The smallest attack on this sector could result in devastating effects.  

Beyond consumer impact, an oil or gas company hit by a cyber-attack could experience a plant or production shutdown, utilities interruptions, equipment damage or loss of quality, undetected spills and of course safety measure violations. For example, in December 2018, Saipem, an Italian oil and gas industry contractor, fell victim to a cyber-attack that hit servers based in the Middle East, India, Aberdeen and Italy, which led to the cancellation of data and infrastructures.  

 

Mitigating cyber-attack damage  

Understanding not just the threats faced by this sector, but also how the attacks are taking place and the behaviours and capabilities of activity groups targeting oil and gas companies, is essential. As the Dragos report warned, there is currently limited visibility – or observability –into the network ecosystem, including communications to and from operations centers, distribution substations and even home “smart grid” networks. This means that intruders can dwell for longer and the root cause of the attack can remain undetected. As is widely documented, the longer an attacker remains in a network, the more damage the breach will cause.  

To protect data in ICS/SCADA environments, organisations in the oil and gas industry need an encryption solution that not only safely encrypts data enterprise-wide, but that is also scalable and easy to implement, without disrupting, replacing or moving the network infrastructure. Furthermore, some encryption technologies will provide organisations with greater visibility of their data to monitor deployed policies. By defining and deploying policies and keys based only on which users should have access to what data, organisations can ensure that only those who need to send or receive the data have the access to do so. In addition, many Observability network features can provide crucial flow data so that IT operators can observe policy enforcement and quickly shut down a policy if compromised to stop further damage and potential escalation. 

Conclusion 

Lessons need to be learned from the past attacks on the oil and gas industry, such as the Saipem attack which had global consequences. With the sector facing such a high cyber risk, it’s more crucial than ever for oil and gas organisations to inhabit a cyber security culture and move from reactionary to proactive.  This means employing an encryption management solution, along with the right forensic intelligence tools, to understand and safeguard against future cyber-attacks and their potential for devastating consequences. 

To learn more about cyber security and how your business can stay protected from threats, visit the Cyber Essentials Online website.

If you would like to join our community and read more articles like this then please click here.

 

Certes Networks cyber essentials cyber security Jerry Askar

Post written by: Matt Brown


LATEST STAKEHOLDER

Become a Stakeholder today and benefit from an exclusive marketing package which will allow you to:

  • Engage with active defence buyers and key supply chain partners
  • Create your own branded micro-site which within Defence Online which is managed by you
  • Have a dedicated Digital Account Manager to help enhance your Stakeholder page
  • Promote your news, products, press releases, eBooks and Videos as a Defence Online partner which feeds through to our homepage and social media channels
  • Have your company promoted on our partner website Defence Contracts Online (DCO)
  • All news promoted in mynewsdesk, a major hub for all of our news articles which enables news to be picked up from trade magazines, national newspapers and many other publications which offers extra exposure at no additional cost!

Contact us today or call us on 0845 557 1315 to take advantage of this exclusive marketing package


.

RELATED ARTICLES

The Ministry of Defence (MoD) has adopted a new approach to cyber security in its capability programmes, called Secure by Design.

August 22, 2023

Homeland - MoD Secure by Design goes live

The Ministry of Defence (MoD) has adopted a new approach to cyber security in its capability programmes, called Secure by

Prepare for Government’s new approach to security – called Secure By Design – or risk missing out on Government contracts

June 19, 2023

Homeland - Deadline looming for changes to Government approach to security

A leading cyber security expert is urging contractors to prepare for the imminent launch of the Government’s new approach to