Business continuity news

Never miss a news story: signup for our free weekly email newsletter.

Continuity Central currently offers three regional business continuity portals:
North America
United Kingdom
Asia Pacific / Australasia

In Hindsight - A compendium of Business Continuity case studies

Add to Google  

Use Google?
Click the button to add Continuity Central news to your Google home page

Follow us on Twitter  

Get immediate news
and information updates via our Twitter feed.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here

Before using this website ensure that you understand and accept our cookie policy. More details

Next generation industrial control systems create ‘open invitation’ for hackers

The global energy sector is increasingly vulnerable to cyber-attacks and hacking, due to the widespread adoption of Internet-based, or ‘open’, industrial control systems (ICS) to reduce costs, improve efficiency and streamline operations in next-generation infrastructure developments.

According to the Marsh Risk Management Research paper, ‘Advanced Cyber Attacks on Global Energy Facilities’, energy firms are being disproportionately targeted by increasingly sophisticated hacker networks that are motivated by commercial and political gain.

Releasing the paper at Marsh’s bi-annual National Oil Companies (NOC) conference being held in Dubai, Andrew George, Chairman of Marsh’s Global Energy Practice, commented:

“Open ICS have integrated controls that are linked with other information technology networks, giving hackers the opportunity to gain access through back doors and exploit system weaknesses to their advantage.

“While the global energy sector has yet to experience a catastrophic physical damage loss as a result of a cyber-attack, its resiliency to date is certainly not due to a lack of effort on the part of hackers. Several energy firms have suffered attacks originating from malicious software or viruses, which have disrupted production and destroyed computer hardware.

“A successful attack on computer control or emergency shutdown systems, even at a small refinery, petrochemicals or gas plant, could result in estimated maximum loss as a result of fire or explosion worth hundreds of millions of dollars.”

While new projects generally incorporate more sophisticated risk management practices and apply rigorous standards to minimise risk, Marsh’s research states that cyber risk is accentuated at the beginning and end of the project lifecycle, during the design and decommissioning stages. Marsh refers to this at the ‘ICS security risk reliability bath-tub curve’.

Mr George continued: “While insurance is vital in mitigating the impact of cyber-attacks on energy companies’ bottom lines, the nature and changing risk profile of the cyber threat demands a collaborative, risk-based approach from businesses and governments around the world. Energy companies should consider the risk of cyber-attack as an inevitable one, and focus on preparing scenarios to identify, respond and contain any attacks accordingly.”

Read the report.

•Date: 19th March 2014 • World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

Business continuity software

BCM software

BCM software


Guidance on Organizational Resilience