The oil and gas industry has been battered by a perfect hurricane of the three Cs: coronavirus, climate concern and a collapse in crude prices. But a fourth big C, a perennial threat to the health of the sector, lurks in the background and could cause even greater damage than usual in today’s fraught operating environment.
Cyber-attacks have always had the potential to wreak havoc on industrial infrastructure and the need for businesses to be fully protected from virtual viruses has been highlighted by the fallout from their biological equivalent.
Cyber security threats are constantly evolving, and the best-practice approach for a company to protect itself is a defence-in-depth strategy that delivers resilience against attack.
Classical approaches to security have typically only addressed known threats. But it is critical to implement defences that provide resilience and limit the impact of what could be deemed a ‘novel virus’, much as Covid-19 emerged from nowhere and has had a devastating economic effect worldwide.
The current situation with Covid-19 can be considered very much analogous to some of the relatively recent malware incidents that blighted Germany-based Mercedes-Benz, the UK’s NHS and Denmark’s Maersk. As with Covid-19, a single instance of infection in the majority of cases may not lead to a significant impact. But when such issues are presented at scale, the effects are severe and exemplify the true risk factor associated with cyber-attacks.
The NotPetya malware that eventually cost Maersk US$300 million was designed to spread speedily, automatically and indiscriminately, which draws clear parallels with the Coronavirus outbreak.
A critical factor is that such cyber-attacks can be scaled very easily, crippling an organisation’s operations and presenting real difficulties in response and recovery activities. The twin-pronged threat right now is that, should such a widespread malware incident be launched, businesses simply don’t have the ability to provide a rapid and effective response. The movement of people is heavily restricted, which means establishing crisis teams to work round the clock to restore critical systems and services is just not feasible.
The efforts taken by Maersk in the immediate aftermath of the NotPetya incident would be impossible in today’s Corona-constrained workplace.
There have already been cyber incidents at healthcare establishments during the current crisis, such as at the University Hospital in Brno, Czech Republic, where an attack in mid-March caused the suspension of scheduled operations.
The energy industry must take note of harbingers like this in the health sector and take precautions to protect itself. For example, a vulnerability has been identified in the Windows SMBv3 protocol (CVE-2020-0796) which is very similar to that which led to the spread of NotPetya and another pernicious malware called WannaCry. With skeleton staff, remote working and restricted travel, the routine patching of systems may not be up to date, which could intensify the prevailing winds against which the industry is battling.
Evidence suggests known advanced hacking groups such as APT 36 and the Chinese government-linked Mustang Panda are leveraging the current situation to infiltrate networks and systems.
Organisations should urgently look to utilise AI-based technologies to allow remote staff to identify anomalous network activity quickly and take appropriate and proportionate action where required.
Good cyber security does not always require huge capital investment. When funding is not readily available, a concern at the moment for most operators with oil prices down in the US$20-30 per barrel range, companies clearly need to spend their money wisely. But they can mitigate risk through implementing effective processes, improving internal cyber awareness and implementing rigorous cyber hygiene practices.
Establishing network monitoring and intrusion detection capabilities makes organisations better equipped to quantify risk in fine detail and maximise available resources by focusing on the key risk factors.
An example of this is the response to a newly disclosed ‘critical’ vulnerability. By leveraging data flow mapping capabilities within Guardian, a cyber-security solution from Nozomi Networks, it is possible to identify accurately the level of exposure of assets in an industrial environment. A remediation programme can then be staged, tackling a small number of critical systems with a high level of exposure first. This way, the impact on production is minimised with the remainder of systems patched upon the next scheduled shutdown.
Systems such as this will be a much-needed lifeboat for companies being battered by the current perfect hurricane in the oil industry should they succumb to a cyber-attack.
Rommy Peeters is Field Marketing Manager, EMEA, for Nozomi Networks
Link to Microsoft – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796