IT security specialist McAfee has just released a report ‘In the Crossfire, Critical Infrastructure in the age of Cyber War.’ The report, prepared by a team from the Obama Presidency’s Center for Strategic and International Studies (CSIS), involved 600 IT and security executives from critical infrastructure enterprises around the world. Operators report that their IT networks are under repeated cyber attack often by ‘high level adversaries’ with ‘severe’ impact.
‘Theft of service’ cyber attacks are highest in the oil and gas sector (75% of respondents). Oil and gas also reported the highest rates of ‘stealthy infiltration’ (71%). Typically service theft is by distributed denial of service (DDOS) from a rented ‘botnet.’ Motives for such attacks may be mischief or financial gain. Their impact includes making websites inaccessible and affecting e-mail, IP telephony and other ‘operationally significant functions.’ The latter includes oil and gas sectors attacks on SCADA/control systems that could give hijackers control of systems, creating the potential for large environmental disasters.
The study analyzes the degree and impact of regulation on cyber security—and the involvement of foreign governments in such nefarious practices. Regulation is high in India, China and Germany, but (despite Homeland Security) lowest in the US. Most believe that foreign governments are involved in network attacks against their country’s critical infrastructure, with the US and China seen as the ‘most worrisome’ potential cyber aggressors. Cost is the biggest obstacle to ensuring security. But in oil and gas, lack of awareness of the problem is a serious issue. ‘Management does not understand the scale of the threat.’ In Saudi Arabia a remarkable 90% said that their sector was under prepared to some degree.
The report introduces a Security Measure Adoption Rate scorecard that evaluates security fixes such as encryption, authentication and application white listing. The SMAR evaluation showed China as leading the field in SCADA security. Chinese operators have adopted nearly three times as many key security measures as Indian and Spanish operators. The 2008 Conficker worm attack on Microsoft Windows-based systems was ‘a wake-up call’ as ‘it got into places that raised real concerns.’
Addressing the issue of SCADA/control system to internet connectivity, Phyllis Schneck McAfee VP and CSIS member noted, ‘Remote access to control systems poses a huge danger. We must either protect them appropriately or move them to more private networks.’
Such ‘reperimeterization’ was a hot topic in our report from last month’s API oil and gas IT Security conference. The full McAfee/CSIS report and slides are available on oilit.com/links/1002_1a and 1b.
© Oil IT Journal - all rights reserved.