Energy firms 'increasingly vulnerable to catastrophic cyber attacks'

By Danny Palmer
18 Mar 2014 View Comments
energy-bills-gas

The industrial control systems used by energy and power suppliers are so vulnerable to cyber attacks that it's only a matter of time before hackers succeed with a major attack.

That's according to a research paper by Marsh Risk Management titled Advanced Cyber Attacks on Global Energy Facilities, which suggests the widespread adoption of internet-based control systems - designed to cut costs and improve efficiency - are leaving energy providers vulnerable to cyber attacks.

Further reading

The research paper suggests that this has resulted in a disproportionate number of cyber attacks made against the energy sector as hackers and cyber criminals attempt to exploit what could be a huge vulnerability.

"Although the global energy sector has yet to experience physical damage to facilities or disruption to supply as a result of a cyber-related event - publicly, at least - the disproportionate rate at which it is targeted for cyber attacks makes it appear only a matter of time before this trend is broken," reads the report.

Commenting on the launch of the paper, Andrew George, chairman of Marsh's Global Energy Practice, warned that the resilience of hackers is a risk to security in the sector.

"Open ICS have integrated controls that are linked with other information technology networks, giving hackers the opportunity to gain access through back doors and exploit system weaknesses to their advantage," he said.

"The resiliency [of the global energy sector] to date is certainly not due to a lack of effort on the part of hackers. Several energy firms have suffered attacks originating from malicious software or viruses, which have disrupted production and destroyed computer hardware," George continued.

"A successful attack on computer control or emergency shutdown systems, even at a small refinery, petrochemicals or gas plant, could result in estimated maximum loss as a result of fire or explosion worth hundreds of millions of dollars," he added.

The Marsh Risk Management report recommends greater collaboration between firms in the sector as part of a solution to protect against the threat of cyber attacks.

"It is imperative that energy companies consider the risk of cyber attack as an inevitable one, and focus on preparing scenarios to identify, respond, and contain any attacks accordingly," the report concludes.

Reader comments
blog comments powered by Disqus
Newsletters
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

27 %
43 %
10 %
20 %