Critical Infrastructure Is The Next Target

Zaporizhzhia Nuclear Power Station, Ukraine

The way we think about cyber-attacks changed in December 2015, when Ukraine experienced the first recorded power outage caused by a cyber-attack.

It didn’t last long, between one and six hours, depending on the area, but it showed the government, industry, and the public how these attacks could affect the physical world. It’s not just personal information and other sensitive data that’s at stake. Critical infrastructure is now under threat.

Advances in information technology and operational technology carry new benefits and risks for many companies. Technological developments not only allow for more efficient management of industrial and process control systems but also increase the attack surface of the organization, making them more vulnerable to cyber threats.

The New Mandate

In May 2016, the G7 Energy Ministers released a joint statement that announced their commitment to “advancing resilient energy systems including electricity, gas, and oil, in order to respond effectively to emerging cyber threats and to maintain critical functions.”

This is the latest in a series of movements around the world to protect data and critical infrastructure. The most immediate actions confronting organizations operating in the EU are the General Data Protection Regulation, which contains some of the most stringent privacy requirements anywhere in the world, and the Network and Information Security Directive (NISD). The NISD will have a significant impact on companies operating critical infrastructure across all major sectors, including the energy sector.

European Commission Vice-President Andrus Ansip described how the NISD will require “companies in critical sectors, such as energy, transport, banking, and health, to adopt risk management practices and report major incidents that can affect the Digital Single Market to their national authorities, which will, in turn, be able to carry out better capacity-building with greater cross-border cooperation inside the EU. It also obliges online market places, cloud computing services, and search engines to take similar security steps.”

The Digital Single Market is an EU initiative that aims to remove existing online barriers for goods and services across the EU.

Once the NISD is adopted, expected this month September 2016, EU member states will have 21 months to integrate the ruling into their national laws, and then six additional months to identify operators of essential services that it affects.

Moving Beyond Protection

The cyber-threat landscape is continuously evolving, with new attack techniques discovered on a daily basis. Organizations across all sectors, including those in the power and utilities market undertaking large technology transformation programs, face an enormous challenge.

On one hand, they have no choice but to embrace the new hyper-connected digital world and all the benefits that new communication channels and platforms bring to the business. But on the other, they must defend against advanced cyber threats as their risk increases exponentially.

The energy sector’s long-held belief that all cyber breaches can be prevented is no longer valid. The incident in Ukraine proved that the era of prevention is over. A new wave of targeted cyber-attacks could prove too sophisticated even for the most-advanced cybersecurity defense programs.

Preventative controls such as firewalls, access management, and antivirus systems remain an important part of any cybersecurity program, but investment in monitoring capabilities, threat intelligence, and incident management is needed now. Utilities must be able to identify when an attack is taking place and be ready to set response mechanisms in motion when a breach occurs. They must build an active defense.

It sounds easy enough but, in reality, the energy sector lags behind most other sectors. EY’s most recent Global Information Security Survey revealed that 42% of power and utilities companies say it’s unlikely they would be able to detect a sophisticated attack. The best place to start is by understanding what assets they need to protect and how attacks could play out. This will, in turn, drive the development and implementation of targeted countermeasures.

The protection of critical infrastructure against advanced cyber threats in an increasingly interconnected and borderless digital world is one of the most pressing challenges that energy companies face today. Cybersecurity doesn’t inhibit developments in the digital world; rather, it helps make the digital world fully operational and sustainable. And a tailored and risk-centric approach to cybersecurity will adjust the balance of the digital world back toward sustainability and safety.

After all, it’s just a matter of time before the next attack strikes.

Dark Reading

« Canadian Companies Vulnerable To Cyber-Attacks
Cybercrime & Cyberwar: A Spotter's Guide »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Business Intelligence Associates (BIA)

Business Intelligence Associates (BIA)

BIA's TotalDiscovery is a defensible and cost-effective corporate preservation and legal compliance software solution.

iLand

iLand

iland is a global cloud service provider of secure and compliant hosting for infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS).

Swiss Cyber Think Tank (SCTT)

Swiss Cyber Think Tank (SCTT)

The Swiss Cyber Think Tank is a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms.

Cynexlink

Cynexlink

Cynexlink offers Managed IT Services with Security, Network, Storage & Cloud solutions for all size of business.

Founder Shield

Founder Shield

Founder Shield is a data driven insurance brokerage focused excusively on rapidly evolving high-growth companies.

SOFTwarfare

SOFTwarfare

SOFTwarfare deliver high-quality, reliable and secure enterprise application integrations through RESTful APIs for Cyber, Ops & Dev.

NETRIO

NETRIO

If you are looking for a highly mature, exceptionally competent Managed Service Provider, NETRIO has solutions to keep your business running at warp speed with zero disruptions.

Peraton

Peraton

Peraton provides innovative solutions for the most sensitive and critical programs in government today, developed and executed by scientists, engineers, and other experts.

TechDemocracy

TechDemocracy

TechDemocracy are a trusted, global cyber risk assurance solutions provider whose DNA is rooted in cyber advisory, managed and implementation services.

InfoSec Conferences

InfoSec Conferences

InfoSec Conferences is an online directory of infosec conferences. We list every single Information Security conference, event and seminar within every niche in Cybersecurity.

iSTORM

iSTORM

iStorm specialise in supporting organisations who require a range of Privacy, Security and Penetration testing related services.

Accops Systems

Accops Systems

Accops enables secure and instant remote access to business applications from any device and network, ensuring compliant enterprise mobility.

Gatefy

Gatefy

Getfy is a cybersecurity company specialized in artificial intelligence and machine learning. We work to solve challenging issues, especially those involving email security.

Three Wire Systems

Three Wire Systems

Three Wire is a leader in innovative and efficient technology solutions for government agencies and large enterprise corporations.

Nova Microsystems

Nova Microsystems

Nova's mission is to revolutionize cybersecurity through continuous data analysis and dynamic AI-driven encryption.

CyberAntix

CyberAntix

CyberAntix offers Premium CyberSecurity for your business using an advanced Security Operations Centre technology and process platform reinforced by a steadfast and expert SOC team.