Management: Stark Realities of Managing Cybersecurity Risk Source: JPT | 12 November 2013
Worldwide, the cybersecurity threat is real and growing. The oil and gas industry’s technological critical infrastructure has been especially hard-hit, absorbing 40% of all cyber attacks globally. Yet the realities are not resonating effectively with industry executives because many companies have yet to put comprehensive protection plans into action.
This issue is potentially so devastating that it figuratively shouts for a short course about the chances that companies are taking, what vendors and purported experts are advocating, the grave risks, the unvarnished truth about hackers and company vulnerabilities, and how waiting for disaster is a dead-end choice.
Largely because of its worldwide exploration and production scope and the vast population dependent on energy, oilfield companies cannot simply blend in with the landscape and become unrecognizable as a major cyber target. For example, Telvent, which makes a control system for smart grid networks, was recently hacked. Project files for its supervisory control and data acquisition (SCADA) system were accessed and malware was installed on its network in the attack.
Other attacks have occurred against Saudi Aramco, which required 10 days to get its network back online after a Shamoon Wiper malware cyber attack disabled more than 30,000 workstations in a supposedly politically directed action by a group of hackers called the Cutting Sword of Justice. In a costly move only possible with a sovereign nation, the company sequestered its entire network while determining the cause of attack and fully restoring service. Meanwhile, the Chinese military has been accused of attempts to hack all types of industries, with a particular focus on oil and gas, according to the Mandiant Intelligence Center Report.
Read the full story here.