Next generation industrial control systems create ‘open invitation’ for hackers
The global energy sector is increasingly vulnerable to cyber-attacks and hacking, due to the widespread adoption of Internet-based, or ‘open’, industrial control systems (ICS) to reduce costs, improve efficiency and streamline operations in next-generation infrastructure developments.
According to the Marsh Risk Management Research paper, ‘Advanced Cyber Attacks on Global Energy Facilities’, energy firms are being disproportionately targeted by increasingly sophisticated hacker networks that are motivated by commercial and political gain.
Releasing the paper at Marsh’s bi-annual National Oil Companies (NOC) conference being held in Dubai, Andrew George, Chairman of Marsh’s Global Energy Practice, commented:
“Open ICS have integrated controls that are linked with other information technology networks, giving hackers the opportunity to gain access through back doors and exploit system weaknesses to their advantage.
“While the global energy sector has yet to experience a catastrophic physical damage loss as a result of a cyber-attack, its resiliency to date is certainly not due to a lack of effort on the part of hackers. Several energy firms have suffered attacks originating from malicious software or viruses, which have disrupted production and destroyed computer hardware.
“A successful attack on computer control or emergency shutdown systems, even at a small refinery, petrochemicals or gas plant, could result in estimated maximum loss as a result of fire or explosion worth hundreds of millions of dollars.”
While new projects generally incorporate more sophisticated risk management practices and apply rigorous standards to minimise risk, Marsh’s research states that cyber risk is accentuated at the beginning and end of the project lifecycle, during the design and decommissioning stages. Marsh refers to this as the ‘ICS security risk reliability bath-tub curve’.
Mr George continued: “While insurance is vital in mitigating the impact of cyber-attacks on energy companies’ bottom lines, the nature and changing risk profile of the cyber threat demands a collaborative, risk-based approach from businesses and governments around the world. Energy companies should consider the risk of cyber-attack as an inevitable one, and focus on preparing scenarios to identify, respond and contain any attacks accordingly.”
• Date: 19th March 2014 • World • Type: Article • Topic: ISM