Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner.

Tech Tuesday: Could the canteen fridge pose an energy security threat?

Cyber criminals could attack control systems

As if rogue governments, Anonymous vigilantes and international terrorists didn’t pose enough of a cyber-security threat, it seems the humble fridge may be placed on the watch list if the Internet of Things takes hold in the energy industry.

That’s the stark, if somewhat bizarre, scenario highlighted by a leading cyber security expert Professor Chrisina Jayne, head of Robert Gordon University’s School of Computing Science.

The Internet of Things (IoT), promises a new era of efficiency and technological benefits by controlling operational equipment, drones and even household appliances such as refrigerators and toasters, through the Internet.

IoT is said to represent the next evolution of the Internet, taking a massive step forward in its ability to gather, analyse and distribute data that can then be used for information and knowledge.

Prof Jayne warned organisations must start thinking about potential cyber security attacks for a technology that is still in its infancy.

“Like almost any technology, it serves to bring tremendous advantages, but also brings with it new risks and unforeseen problems that will have to be addressed,” she said.

“IoT is still developing, but it is predicted there will be more than 25 billion devices connected to the Internet by 2020.”

Security firm Kaspersky has criticised the array of opportunities for those with malevolent intent to hack into systems.Last year they cited examples of car washes and police surveillance systems being hacked and controlled remotely.

Kaspersky’s Alex Drozhzhin, said: “Things get even worse when it comes to the users of connected devices. They don’t bother with security at all. For an average user, a connected microwave is still just a microwave. A user would never imagine it is a fully-equipped connected computer which has means of influencing the physical world.

“For users, our advice is limiting the use of way-too-smart connected tech.”

In oil and gas, IoT is seen as a means of integrating, sensing, communications and analytics capabilities to deliver greater efficiency in an era where streamlining, cost reduction and collaboration are a focus for industry leaders.

Prof Jayne took part in an  international conference last month in Amsterdam highlighting how oil companies can better protect themselves against cyber threats.

She joined speakers from Statoil, Total and the Industrial Cyber Security Centre for a presentation on the security challenges posed by IoT.

Senior oil and gas managers met with academics, technical experts and civil servants to exchange knowledge, challenges and best practice.

“It is logical that increased connectivity leads to increased risks. In the energy sector there are increasing concerns that operational technology – the equipment used to control delivery systems, pipelines for example could be targeted,” said Prof Jayne.

“Most cyber attacks to date have targeted software systems, but many people are looking at the threat posed to infrastructure and operational systems.

“A lot of oil and gas equipment is proprietary, but there will be greater standardisation as it becomes more connected.

“IoT is still in its early stages but people at a very high management level are giving considerable thought to how it will affect their business.”

Open industrial control systems (ICS), often used by industry to improve efficiency and streamline operations, have already provided hackers access to “back doors” to exploit weaknesses in the systems.

While IoT is still in the realm of “potential threat”, the most clear and present danger comes from the human factors, explained Prof Jayne.

“Oil and gas engineers are not trained in cyber security and cyber security specialists don’t know a lot about oil and gas. There is a skills gap. Understanding and training is the big challenge. Even home users should know much more about basic security – particularly as IoT means devices become ever more connected.”

Because home appliance firewalls are relatively easy to bypass, they are attractive to cyber criminals for use as “botnets” for denial of service attacks, .

“The challenge for everyone involved in cyber security is that we are involved in an evolving battle and it is never-ending. Technology never sits still,” said Prof Jayne.

“85% of cyber attacks can be avoided by small measures and simple housekeeping such as logging out after using your computer and not opening suspicious attachments. Most people know this, but that doesn’t mean they follow best practice. Most attacks are at the nuisance level rather than mission critical. Unfortunately, it’s a matter of when not we are going to see something dramatic.”

More from Energy Voice

Latest Posts