Energy Firms Under Fire: Over 80% Suffer Attacks in 2015

Energy Firms Under Fire: Over 80% Suffer Attacks in 2015

Over 80% of US oil and gas companies have reported an increase in successful cyber attacks over the past year, according to worrying new research from Tripwire.

The security and compliance software firm polled 150 IT professionals in the energy sector, including oil, gas and electricity companies to better understand the cyber threat level in these critical infrastructure industries.

Aside from the 82% who said they’d seen an uptick in successful attacks, 53% claimed the frequency of attacks had risen between 50-100% over the past month alone.

Further, 69% of respondents from the oil and gas sector said they “weren’t confident” their organization would be able to detect every cyber attack.

The study follows a recent major attack on the Ukrainian power grid using destructive BlackEnergy malware which left some regions without power due to "interference" in industrial control systems.

The US Department of Homeland Security claimed last year that the energy sector suffered the highest number of attacks in 2014—accounting for a third of the 245 incidents reported to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

Such systems have suffered from under-investment in security in the past, either because they’ve been deemed too critical to take down and patch, or because historically they weren’t connected to the internet and so safe from most remote attacks.

Eset malware researcher, Robert Lipovsky, said the first step for IT security bosses in such facilities is to ensure critical systems are ‘air-gapped’.

“But the sad reality is that you can sometimes find industrial control systems connected to the internet with a simple Google. It is important to follow defensive strategies recommended by institutions like US CERT or the SANS Institute,” he told Infosecurity by email.

“Then, for the ‘regular’ PCs at an industrial facility—all the more, when they’re not air-gapped, for whatever reason—common cybersecurity rules should be applied, i.e. up-to-date security software operating at multiple tiers, proper patch management, back-ups, regular user education, and so on.”

Photo © JuliusKielaitis/


Source: Information Security Magazine