
Virtual virus health checks more critical than ever

Cyber-attacks have always had the potential to wreak havoc on industrial infrastructure.

The oil and gas industry has been battered by a perfect hurricane of the three Cs: coronavirus, climate concern and a collapse in crude prices. But a fourth big C, a perennial threat to the health of the sector, lurks in the background and could cause even greater damage than usual in today’s fraught operating environment.

Cyber-attacks have always had the potential to wreak havoc on industrial infrastructure and the need for businesses to be fully protected from virtual viruses has been highlighted by the fallout from their biological equivalent.

Cyber threats are constantly evolving, and the best-practice approach for a company to protect itself is to use defence in depth, which delivers resilience against attack.

Classical approaches to security have typically only addressed known threats. But it is critical to implement defences that provide resilience and limit the impact of what could be deemed a ‘novel virus’, much as Covid-19 emerged from nowhere and has had a devastating economic effect worldwide.

The current situation with Covid-19 can be considered very much analogous to some of the relatively recent malware incidents that blighted Germany-based Mercedes-Benz, the UK’s NHS and Denmark’s Maersk. As with Covid-19, a single instance of infection in the majority of cases may not lead to a significant impact. But when such issues are presented at scale, the effects are severe and exemplify the true risk factor associated with cyber-attacks.

The NotPetya malware that eventually cost Maersk US$300 million was designed to spread speedily, automatically and indiscriminately, which draws clear parallels with the Coronavirus outbreak.

A critical factor is that such cyber-attacks can be scaled very easily, crippling an organisation’s operations and presenting real difficulties in response and recovery activities. The twin-pronged threat right now is that, should such a widespread malware incident be launched, businesses simply don’t have the ability to provide a rapid and effective response. The movement of people is heavily restricted, which means establishing crisis teams to work round the clock to restore critical systems and services is just not feasible.

The efforts taken by Maersk in the immediate aftermath of the NotPetya incident would be impossible in today’s Corona-constrained workplace.

There have already been cyber incidents at healthcare establishments during the current crisis, such as at the University Hospital in Brno, Czech Republic, where an attack in mid-March caused the suspension of scheduled operations.

The energy industry must take note of harbingers like this in the health sector and take precautions to protect itself. For example, a vulnerability has been identified in the Windows SMBv3 (CVE-2020-0796) protocol which is very similar to that which led to the spread of NotPetya and another pernicious malware called WannaCry. With skeleton staff, remote working and restricted travel, the routine patching of systems may not be up to date, which could intensify the prevailing winds against which the industry is battling.

Evidence suggests known advanced hacking groups such as APT 36 and the Chinese government-linked Mustang Panda are leveraging the current situation to infiltrate networks and systems.

Organisations should urgently look to utilise AI-based technologies to allow remote staff to identify anomalous network activity quickly and take appropriate and proportionate action where required.

Solutions

Good cyber security does not always require huge capital investment. When funding is not readily available, a concern at the moment for most operators with oil prices down in the US$20-30 per barrel range, companies clearly need to spend their money wisely. But they can mitigate risk through implementing effective processes, improving internal cyber awareness and implementing rigorous cyber hygiene practices.

Establishing network monitoring and intrusion detection capabilities makes organisations better equipped to quantify risk in fine detail and maximise available resources by focusing on the key risk factors.

An example of this is the response to a newly disclosed ‘critical’ vulnerability. By leveraging data flow mapping capabilities within Guardian, a cyber-security solution from Nozomi Networks, it is possible to identify accurately the level of exposure of assets in an industrial environment. A remediation programme can then be staged, tackling a small number of critical systems with a high level of exposure first. This way, the impact on production is minimised with the remainder of systems patched upon the next scheduled shutdown.

Systems such as this will be a much-needed lifeboat for companies being battered by the current perfect hurricane in the oil industry should they succumb to a cyber-attack.

Rommy Peeters is Field Marketing Manager, EMEA, for Nozomi Networks

rommy.peeters@nozominetworks.com

www.nozominetworks.com

Link to Microsoft – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
