Energy


  • Utilities, Energy Sector Attacked Mainly Via IT, Not ICS

    November 1, 2018

    Stealing administrative credentials to carry out months-long spy campaigns is a top threat. While industrial control systems (ICS) are the most talked-about when it comes to cyberattacks against energy and utilities firms, most attacks actually take aim at the enterprise IT networks used by these organizations, rather than critical infrastructure itself. The Vectra 2018 Spotlight Report on Energy and ...

  • Industry backs Norway’s AI powerhouse project

    October 2, 2018

    Norway is stepping up its efforts in the rapidly evolving and increasingly commercial artificial intelligence (AI) sector. Participants in the latest programme want to reduce the country’s reliance on oil revenues by tapping into AI opportunities in its growing technology sector. Norway has traditionally played a junior role in the context of Nordic technology development, investment and ...

  • An insider view of a cybersecurity training workshop for employees of Europe’s transmission system operators.

    October 1, 2018

    After the hackers had stealthily accessed the SCADA system and blew the transformer with a loud bang, the defenceless employees had no option but to remove the control plugs and manually turn the machine back on. “That’s what they had to do in Ukraine,” said Michael John, Director of Operations at the European Network for Cybersecurity (ENCS), referring to the world’s ...

  • Cyber security threat to Britain’s oil and gas sites as attack could cause ‘unprecedented damage’

    August 17, 2018

    Brian Lord OBE says a successful attack on its infrastructure could cause “unprecedented damage” and “unrest across the world”. With a complex ecosystem of computation, networking, and physical operational processes spread around the world the industry has a large attack surface with many attack vectors. A typical large oil and gas company uses half a million processors ...

  • Can you recover the power grid after a cyberattack? The Department of Energy finds out

    August 6, 2018

    The US Department of Energy (DoE) is planning a “hands-on” test of the real-world consequences associated with successful cyberattacks against core country services. Cyberattacks levied against critical infrastructure, smart grids, and utilities are not a future possibility; but rather, they are happening now. Ukraine’s power grid blackout in 2016 was one of the first real indicators that ...

  • Poor cybersecurity could destabilise increasingly complex energy grids

    July 26, 2018

    The future of smart energy grids, with automatic management of both supply and demand, is “looking really interesting”, says Phil Kernick, chief technology officer at security firm CQR Consulting. But the current state of the technology and its security is a problem. “The distribution systems and the generation systems were deployed a decade and a half ...

  • No big deal… Kremlin hackers ‘jumped air-gapped networks’ to pwn US power utilities

    July 24, 2018

      The US Department of Homeland Security is once again accusing Russian government hackers of penetrating America’s critical infrastructure. Uncle Sam’s finest reckon Moscow’s agents managed to infiltrate computers networks within US electric utilities – to the point where the miscreants could have virtually pressed the off switch in control rooms, yanked the plug on the Yanks, ...

  • DNV GL launches cyber security recommended practice

    May 27, 2018

    DNV GL has published a ‘recommended practice on cyber security’ for the oil and gas industry, looking at ‘operational technology’ – such as control and automation systems. The recommended practice addresses how oil and gas companies, together with system integrators and vendors, can manage the cyber threat. The recommended practice is the result of a two-year joint ...

  • A critical security flaw in popular industrial software put power plants at risk

    May 2, 2018

    A severe vulnerability in a widely used industrial control software could have been used to disrupt and shut down power plants and other critical infrastructure. Researchers at security firm Tenable found the flaw in the popular Schneider Electric software, used across the manufacturing and power industries, which if exploited could have allowed a skilled attacker to ...

  • Smart meters could leave British homes vulnerable to cyber attacks, experts have warned

    February 18, 2018

    New smart energy meters that the Government wants to be installed in millions of homes will leave householders vulnerable to cyber attacks, ministers have been warned. The intelligence agency GCHQ is said to have raised concerns over the security of the meters, which could enable hackers to steal personal details and defraud consumers by tampering with ...

  • Plague of the Cyber RATs: How a toxic computer code delivered by ‘Remote Access Trojans’ is an invisible army able to take over a petrochemical plant

    February 17, 2018

    On a broiling day last August, managers of a huge petrochemical plant in Saudi Arabia discovered to their horror that it had been attacked. The consequences could have been catastrophic: the invaders had seized command of its computerised control-and-safety system, and had the power to damage it severely. The attackers carried no guns, explosives, or conventional weapons. Yet ...

  • UK names Russia as source of NotPetya, USA follows suit

    February 15, 2018

    The United Kingdon’s Foreign and Commonwealth Office has formally “attributed the NotPetya cyber-attack to the Russian Government”, specifically the nation’s military. “The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity,” said a February-15th-dated statement from Foreign Office Minister for Cyber Security Lord (Tariq) Ahmad of ...

  • Analysts: U.S. nuclear modernization plan under-invests in cybersecurity

    January 23, 2018

    The nuclear posture review specifically mentions “expanding threats in space and cyberspace.” Since a leaked draft of the Defense Department’s nuclear posture review was revealed by the Huffington Post, analysts and arms control experts have sounded alarms about language in the document that suggests the Trump administration would broaden the scenarios where it would be acceptable ...

  • Trisis has the security world spooked, stumped and searching for answers

    January 16, 2018

    More than four months have passed since a novel, highly sophisticated piece of malware forced an important oil and gas facility in the Middle East to suddenly shut down, but cybersecurity analysts still don’t know who wrote the code. Since last August, multiple teams of researchers in the public and private sectors have been examining what the ...

  • Dragonfly 2.0: Hacking Group Infiltrated European and US Power Facilities

    September 7, 2017

    The notorious hacking group that has been in operation since at least 2011 has re-emerged and is still interested in targeting the United States and European companies in the energy sector. Yes, I am talking about the ‘Dragonfly,’ a well-resourced, Eastern European hacking group responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies in different ...

  • Many Factors Conspire in ICS/SCADA Attacks

    August 11, 2017

    Critical infrastructure operators can’t be blamed for a perpetual case of whiplash. They are mired between hackers targeting internet-facing and air-gapped systems with equal precision, and vendors and management unwilling to properly tackle security for fear of downtime and incompatibility. “The space of ICS/SCADA has not changed much, so you can find devices running old OSes ...

  • Hackers target Irish energy networks amid fears of further cyber attacks on UK’s crucial infrastructure

    July 15, 2017

    Hackers have targeted Irish energy networks amid warnings over the potential impact of intensifying cyber attacks on crucial infrastructure. Senior engineers at the Electricity Supply Board (ESB), which supplies both Northern Ireland and the Republic, were sent personalised emails containing malicious software by a group linked to Russia’s GRU intelligence agency, The Times reported. Analysts told the newspaper ...

  • Industrial control security practitioners ‘working blind’ to protect their network

    July 14, 2017

    Four out of 10 industrial control security practitioners don’t have proper visibility into their ICS networks. This is according to a new study by the SANS Institute. Based on a poll of ICS practitioners and cybersecurity stakeholders across various verticals, including energy, manufacturing, oil and gas, the report says that 40 percent of defenders are actually ...

  • Hackers are using this new attack method to target power companies

    July 10, 2017

    Phishing emails, used to steal credentials from critical infrastructure firms, can silently harvest data without even using macros, researchers have warned. Hackers are targeting energy companies, including those working in nuclear power and other critical infrastructures providers, with a technique that puts a new spin on a tried-and-tested form of cyberattack. Phishing has long been a successful ...

  • The oil and gas sector must not be complacent about cyber security

    July 10, 2017

    The recent financial pressures as a result of the oil downturn have left cyber security functions for many firms within the oil and gas sector  considerably underfunded and out of date. This has the potential to create a wealth of opportunity for cyber criminals to test their capabilities, and those operating in the oil and gas ...