http://www.energyglobal.com/downstream/special-reports/29052015/How-can-SCADA-security-be-improved-for-oil-and-gas-companies-089/
By Deborah Galea
Manager, OPSWAT.
29/05/2015
According to the recently released 2015 Dell Security Annual Threat
Report, SCADA attacks are on the rise. The report found that in 2014 the
number of attacks on Supervisory Control and Data Acquisition (SCADA)
systems doubled compared to the previous year. Most of these attacks
occurred in Finland, the UK, and the US, probably due to the fact that in
these countries SCADA systems are more likely to be connected to the
internet. The Dell Report came on the heels of findings from the US
Industrial Controls Systems Cyber Emergency Response Team (ICS-CERT)
showing that energy was the most targeted sector for attack among all
critical infrastructure providers.
"Since companies are only required to report data breaches that involve
personal or payment information, SCADA attacks often go unreported," said
Patrick Sweeney, Executive Director of Dell Security. "This lack of
information sharing combined with an aging industrial machinery
infrastructure presents huge security challenges that will continue to
grow in the coming months and years."
This does not come as a surprise to those in hydrocarbons. Many SCADA and
industrial control systems (ICS) were built decades ago when cyber
security was not yet an issue for the industry. There has been an
inevitable collision as operational technology (OT) systems like SCADA
come into closer contact with IT management modalities, introducing risks
as systems not designed for outside connectivity are exposed to the
internet.
In addition to their importance for hydrocarbons, SCADA systems control
key functions for other critical infrastructure providers, such as
utilities, airports and nuclear plants. Successful attacks on SCADA
systems could potentially cause disruptions in services that we all depend
on every day. For this reason, SCADA attacks are often politically
motivated and backed by foreign state actors with motives such as
industrial espionage and major supply chain disruption.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
