“An attack on energy infrastructure has the potential to cross from the cyber realm to the physical world. A cyberattack could cause, for instance, a massive operational failure of an energy asset. Large centralized infrastructures are especially at risk due to the potential “domino effect” damage that an attack on a nuclear, coal, or oil plant could cause”.
The “Could Energy Industry Dynamics Be Creating an Impending Cyber Storm?” report, by the global insurance and risk management group Marsh, though, shows that, despite these fears about the impact of cyber attacks on production and revenues, more than half of energy executives in the survey had not quantified (an exact figure regarding the exposures) or did not know what their worst possible exposures could be…
The Marsh study follows the publication, in January, of the World Economic Forum’s Global Risk Report 2018, which said: “Cyberattacks are perceived as the global risk of highest concern to business leaders in advanced economies. Cyber is also viewed by the wider risk community as the risk most likely to intensify in 2018”.
Exposure to risks from cyber is growing, as firms become more dependent on technology, the WEF added.
“As the energy sector systems that monitor and run operations become more interconnected from smart grids, smart devices, and the growing internet of things, it increases the risk that a cyber-attack could result in physical damage” Marsh said.
This growing exposure has led the U.S. Department of Energy to set up an office to protect the nation’s power grid and other infrastructure against cyber attacks and natural disasters.
Especially after cybersecurity firm Symantec said, according to The Guardian, that ‘Dragonfly’ group has resumed operations, apparently working since late 2015 to investigate and penetrate energy facilities in, at least, three countries: the U.S., Turkey and Switzerland.
The Guardian states that, “the Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so”.
The researchers are unable to determine who is behind the Dragonfly campaign: part of the code is in Russian, while another bit is in French, “which indicates that one of these languages may be a false flag”. “Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it”, the Symantec warned.
“While it is encouraging that three-quarters of respondents plan more investment in cyber risk management, it is worrying that over half questioned have yet to quantify their exposures. For those firms that have not put plans in place to mitigate and manage attacks or have not measured their cyber exposure, now is the time to take steps to be prepared for the impact an attack could have on their operations and systems” Marsh said…./IBNA