A whitepaper from McAfee describes the ‘Night Dragon’ cyber attacks on global oil, energy, and petrochemical companies. The attacks began in November 2009 using social engineering, phishing and exploitation of Microsoft Windows vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations. The Night Dragon attacks ‘primarily’ from an individual based in Heze City, Shandong Province, China who appears to have provided the internet command and control infrastructure to the attackers—www.oilit.com/links/1102_15.
Pending legislation is to update the US Dept. of Homeland Security Chemical Facility Anti-Terrorism Standards (CFATS) program. CFATS includes security vulnerability assessments (SVAs), site security plans (SSPs) and other protective measures. A Chemical Security Assessment Tool (CSAT) has been developed to identify high-risk facilities and provide help on SVAs and SSPs. CSAT, an online application, includes CFATS compliance and ‘Top-Screen,’ a consequence-based screening tool—www.oilit.com/links/1102_13.
A new whitepaper from Intel invites CIOs to ‘rethink’ information security. A strategy is proposed based on the four pillars of trust, security zones, controls and perimeters—along with a security model for the cloud—www.oilit.com/links/1102_14.
© Oil IT Journal - all rights reserved.