Critical Infrastructure Is The Next Target

Uploaded on 2016-09-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities

Zaporizhzhia Nuclear Power Station, Ukraine

The way we think about cyber-attacks changed in December 2015, when Ukraine experienced the first recorded power outage caused by a cyber-attack.

It didn’t last long, between one and six hours, depending on the area, but it showed the government, industry, and the public how these attacks could affect the physical world. It’s not just personal information and other sensitive data that’s at stake. Critical infrastructure is now under threat.

Advances in information technology and operational technology carry new benefits and risks for many companies. Technological developments not only allow for more efficient management of industrial and process control systems but also increase the attack surface of the organization, making them more vulnerable to cyber threats.

The New Mandate

In May 2016, the G7 Energy Ministers released a joint statement that announced their commitment to “advancing resilient energy systems including electricity, gas, and oil, in order to respond effectively to emerging cyber threats and to maintain critical functions.”

This is the latest in a series of movements around the world to protect data and critical infrastructure. The most immediate actions confronting organizations operating in the EU are the General Data Protection Regulation, which contains some of the most stringent privacy requirements anywhere in the world, and the Network and Information Security Directive (NISD). The NISD will have a significant impact on companies operating critical infrastructure across all major sectors, including the energy sector.

European Commission Vice-President Andrus Ansip described how the NISD will require “companies in critical sectors, such as energy, transport, banking, and health, to adopt risk management practices and report major incidents that can affect the Digital Single Market to their national authorities, which will, in turn, be able to carry out better capacity-building with greater cross-border cooperation inside the EU. It also obliges online market places, cloud computing services, and search engines to take similar security steps.”

The Digital Single Market is an EU initiative that aims to remove existing online barriers for goods and services across the EU.

Once the NISD is adopted, expected this month September 2016, EU member states will have 21 months to integrate the ruling into their national laws, and then six additional months to identify operators of essential services that it affects.

Moving Beyond Protection

The cyber-threat landscape is continuously evolving, with new attack techniques discovered on a daily basis. Organizations across all sectors, including those in the power and utilities market undertaking large technology transformation programs, face an enormous challenge.

On one hand, they have no choice but to embrace the new hyper-connected digital world and all the benefits that new communication channels and platforms bring to the business. But on the other, they must defend against advanced cyber threats as their risk increases exponentially.

The energy sector’s long-held belief that all cyber breaches can be prevented is no longer valid. The incident in Ukraine proved that the era of prevention is over. A new wave of targeted cyber-attacks could prove too sophisticated even for the most-advanced cybersecurity defense programs.

Preventative controls such as firewalls, access management, and antivirus systems remain an important part of any cybersecurity program, but investment in monitoring capabilities, threat intelligence, and incident management is needed now. Utilities must be able to identify when an attack is taking place and be ready to set response mechanisms in motion when a breach occurs. They must build an active defense.

It sounds easy enough but, in reality, the energy sector lags behind most other sectors. EY’s most recent Global Information Security Survey revealed that 42% of power and utilities companies say it’s unlikely they would be able to detect a sophisticated attack. The best place to start is by understanding what assets they need to protect and how attacks could play out. This will, in turn, drive the development and implementation of targeted countermeasures.

The protection of critical infrastructure against advanced cyber threats in an increasingly interconnected and borderless digital world is one of the most pressing challenges that energy companies face today. Cybersecurity doesn’t inhibit developments in the digital world; rather, it helps make the digital world fully operational and sustainable. And a tailored and risk-centric approach to cybersecurity will adjust the balance of the digital world back toward sustainability and safety.

After all, it’s just a matter of time before the next attack strikes.

Dark Reading

« Canadian Companies Vulnerable To Cyber-Attacks
Cybercrime & Cyberwar: A Spotter's Guide »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BCS Financial

BCS Financial

BCS Financial delivers financial and insurance solutions. Specialty risk products include Cyber and Privacy Liability insurance.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

Vintegris

Vintegris

Vintegris are a Certification Authority and manufacturer of innovative systems and applications for the full cycle of digital identity.

Corelight

Corelight

Corelight is the most powerful network visibility solution for information security professionals.

CyberInsureOne

CyberInsureOne

At CyberInsureOne, we break down the complex world of cyber insurance, and connect you with providers that can give you and your company peace of mind.

Center for Cyber & Homeland Security (CCHS)

Center for Cyber & Homeland Security (CCHS)

The Center for Cyber and Homeland Security at Auburn University is a nonpartisan think tank that works to develop innovative strategies to address current and future threats to the United States.

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

Crypto International

Crypto International

Crypto International offers comprehensive services for the operation of our customers’ IT and communication infrastructure, with a focus on cybersecurity and encryption solutions.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

Creative Destruction Lab (CDL)

Creative Destruction Lab (CDL)

Creative Destruction Lab is a nonprofit organization that delivers an objectives-based program for massively scalable, seed-stage, science- and technology-based companies.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

Flawnter

Flawnter

Flawnter is a security testing software that finds hidden security and quality flaws in your applications.

Resonance Security

Resonance Security

Resonance offers powerful cybersecurity aggregation software that makes protecting against full spectrum cybersecurity threats effortless no matter what your technical level, budget, or scope.