The energy sector has been served a wake-up call on how vulnerable the industry is to cyber attack after hackers managed to cut off 80,000 Ukrainian electricity customers.
Cyber security experts said that a suspected Russian cyber attack on the Ukrainian utility sector underlines how targeted attacks on critical infrastructure could cause chaos and add to security issues for countries and corporations.
Highly destructive malware known as BlackEnergy infected the Ukrainian regional power provider, leaving thousands of homes in the Ivano-Frankivsk region of the country without electricity on December 23.
Ukraine’s SBU state security service blamed Russia, and the energy ministry has set up a commission to investigate; results are expected after January 18.
Increasing automation in the energy sector and more reliance on the digital world for its operations increase its vulnerability to cyber attacks.
The Electricity Information Sharing and Analysis Center, or E-ISAC, urged members to “do a better job” at implementing multiple layers of defense against potential cyber attacks, saying the incident at Ukraine’s Prykarpattyaoblenergo electricity provider appeared to be the result of a “coordinated effort by a malicious actor.”
Cyber security expert Tim Erlin, director of IT Security and Risk Strategy for US firm Tripwire, said the energy sector, including oil and gas companies, power utilities and the nuclear industry, must ensure they are doing all they can to guard against the threat of attack from nation states, terrorists and criminal networks who may wish to exploit the vulnerabilities in IT systems.
“The Ukrainian situation is a huge deal as it demonstrates the impact of a cyber attack on industrial control systems. I have no doubt that if this had happened in Western Europe or the United States, this would have been an even bigger story. This should be the wake-up call for the energy sector to understand that systems are vulnerable to attack.”
Erlin added: “Industry experts have been talking about how cyber attacks could directly affect the power grid for a long time, so it shouldn’t be a surprise that it’s now actually occurred. Discussing a threat doesn’t count as mitigation. Energy companies need to invest in securing their infrastructure, from control systems to corporate IT.
“Investment isn’t just about buying products. It’s about people, skills and process. Purchasing the latest security device is easy compared to training security staff effectively.”
Erlin said businesses in many sectors were closely following the Ukraine incident because it was a watershed event: the first known cyber attack to take down an electric grid. It was also one of just a handful of known cyber attacks that have damaged any kind of physical infrastructure.
He said: “All malware, including BlackEnergy, requires an infection vector to get to its target. Attackers will almost always take the path of least resistance. Today, that means published vulnerabilities, misconfigurations and phishing scams. These are all security issues that we can address, with sufficient resources.”
Rachel Spatz, of US firm Cybereason, said it wasn’t just utilities that were vulnerable; oil and gas infrastructure was also a potential target: “Pipelines can be hacked. If hackers were to infiltrate the operating systems that control pipelines, they could cause all kinds of damage.
“For example, they could shut down the transport of fuel, which could have devastating economic effects. Or even scarier, they could alter the pressure and cause explosions.”
“Attacking the systems that companies use day-to-day can completely disrupt an organisation. The software does not need to be particularly sophisticated to cause disruption. Malware can be introduced via a phishing scam or gaining access to an employee’s computer if they open the wrong attachment in an email.”
“Almost any system can be breached if the attackers are determined enough. The issue is how to deal with what happens after a breach occurs.”
BlackEnergy is believed to have been around since 2007 but has recently been updated to destroy parts of a computer’s hard drive and has the capability to sabotage industrial control systems.
Cyber security experts consider Russia one of the world’s most advanced cyber powers, along with the United States, China, Israel, France and Britain.