This month, President Obama announced the ‘timely production of unclassified reports of cyber threats to the US homeland that identify a specific targeted entity.’ Read the full address here.
UK-based ABI Research has estimated cyber attacks on oil and gas infrastructure will drive $1.87 (exactly!) billion in cyber security spend by 2018. Oil and gas Scada systems, full of vulnerabilities, are connected to the internet ‘where cybercriminals roam in all impunity.’ Researcher Michela Menting observed, ‘Lack of appropriate security has allowed destructive cyber-attacks to lay waste some of the most high-profile companies in the industry!’ More verbal scareware here.
ISN blogger Neil Meadows reports that attacks on the oil and gas industry has resulted in the theft of secrets and intellectual property by cyber thieves and so called ‘hacktivists’. A report from McAfee found that hackers have ‘run rampant’ through five oil and gas corporate networks years, stealing trade secrets. Enter Cisco’s intrusion prevention system offering real-time protection against viruses, trojans and even ‘zero-day’ attacks. More from the ISN blog.
Tofino’s Eric Byres reports that opinions differ as to what how industrial systems should be secured. While deploying the latest VPNs, anti-virus, firewalls and IDS is great, getting them to interoperate is like ‘pulling teeth’. A new spec, the Interface for Metadata Access Points (IF-MAP), is a possible way forward. The idea is for a central clearing house for network security events and information*. More from Tofino.
Yokogawa and McAfee have partnered to offer ‘holistic and value-added’ IT security solutions for the industrial automation world. The partnership will embed anti-virus software into Yokogawa’s control systems.
Industrial Defender has published a short, five step guide to planning for the latest NERC CIP V5 regulations covering cyber security of critical infrastructure. ID recommends that the lengthy procedure required to prepare for V5 audit next July should be started right away. More from Industrial Defender.
* Sounds a bit like the US ICS CERT service.
© Oil IT Journal - all rights reserved.