The energy sector is a key target for cyber attacks

Introduction

The energy sector is one of the key infrastructure sectors and certainly a highlight of the IoT vision, the SmartGrid being one example. As such, it’s a key target for attack, since significant disruption of service has large economic (and possibly strategic) effects. Unfortunately, it’s also a very vulnerable sector: many of the existing systems are exploitable, and it doesn’t seem that company executives are taking the problems seriously.

Complacency a key issue

Executive complacency is probably the key issue in IoT, and specifically among energy sector manufacturers: a startling 88% of companies lack confidence that the devices they are shipping are configured appropriately for secure operation.

Critical infrastructure executives complacent about IoT security, study shows

Attack vectors

The energy sector is particularly vulnerable via many of the same vectors as other industrial control systems, with possibly higher impact given the targets. These include:

  • Unauthorized access and exploitation of Internet facing interfaces
  • Exploitation of vulnerabilities in control system devices and software
  • Malware infections in control system networks
  • SQL injection via exploitation of web application vulnerabilities
  • Network scanning and probing
  • Targeted spear-phishing campaigns (specialized phishing campaigns targeted at employees and known targets)
  • Strategic web site compromises

What needs to be done

Frankly, with complacency being a key issue, security needs to be taken more seriously. In fact, in a previous post, I point to a well-written paper from AT&T that discusses this. A security-first approach is needed for every project, regardless of size. Here’s another set of articles I’ve written that covers a four-step process for security assurance in IoT devices and, by extension, connected devices in the energy sector:

A Four-Step Guide to Security Assurance for IoT Devices

 