Energy


  • No big deal… Kremlin hackers ‘jumped air-gapped networks’ to pwn US power utilities

    July 24, 2018

      The US Department of Homeland Security is once again accusing Russian government hackers of penetrating America’s critical infrastructure. Uncle Sam’s finest reckon Moscow’s agents managed to infiltrate computers networks within US electric utilities – to the point where the miscreants could have virtually pressed the off switch in control rooms, yanked the plug on the Yanks, ...

  • DNV GL launches cyber security recommended practice

    May 27, 2018

    DNV GL has published a ‘recommended practice on cyber security’ for the oil and gas industry, looking at ‘operational technology’ – such as control and automation systems. The recommended practice addresses how oil and gas companies, together with system integrators and vendors, can manage the cyber threat. The recommended practice is the result of a two-year joint ...

  • A critical security flaw in popular industrial software put power plants at risk

    May 2, 2018

    A severe vulnerability in a widely used industrial control software could have been used to disrupt and shut down power plants and other critical infrastructure. Researchers at security firm Tenable found the flaw in the popular Schneider Electric software, used across the manufacturing and power industries, which if exploited could have allowed a skilled attacker to ...

  • Smart meters could leave British homes vulnerable to cyber attacks, experts have warned

    February 18, 2018

    New smart energy meters that the Government wants to be installed in millions of homes will leave householders vulnerable to cyber attacks, ministers have been warned. The intelligence agency GCHQ is said to have raised concerns over the security of the meters, which could enable hackers to steal personal details and defraud consumers by tampering with ...

  • Plague of the Cyber RATs: How a toxic computer code delivered by ‘Remote Access Trojans’ is an invisible army able to take over a petrochemical plant

    February 17, 2018

    On a broiling day last August, managers of a huge petrochemical plant in Saudi Arabia discovered to their horror that it had been attacked. The consequences could have been catastrophic: the invaders had seized command of its computerised control-and-safety system, and had the power to damage it severely. The attackers carried no guns, explosives, or conventional weapons. Yet ...

  • UK names Russia as source of NotPetya, USA follows suit

    February 15, 2018

    The United Kingdon’s Foreign and Commonwealth Office has formally “attributed the NotPetya cyber-attack to the Russian Government”, specifically the nation’s military. “The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity,” said a February-15th-dated statement from Foreign Office Minister for Cyber Security Lord (Tariq) Ahmad of ...

  • Analysts: U.S. nuclear modernization plan under-invests in cybersecurity

    January 23, 2018

    The nuclear posture review specifically mentions “expanding threats in space and cyberspace.” Since a leaked draft of the Defense Department’s nuclear posture review was revealed by the Huffington Post, analysts and arms control experts have sounded alarms about language in the document that suggests the Trump administration would broaden the scenarios where it would be acceptable ...

  • Trisis has the security world spooked, stumped and searching for answers

    January 16, 2018

    More than four months have passed since a novel, highly sophisticated piece of malware forced an important oil and gas facility in the Middle East to suddenly shut down, but cybersecurity analysts still don’t know who wrote the code. Since last August, multiple teams of researchers in the public and private sectors have been examining what the ...

  • Dragonfly 2.0: Hacking Group Infiltrated European and US Power Facilities

    September 7, 2017

    The notorious hacking group that has been in operation since at least 2011 has re-emerged and is still interested in targeting the United States and European companies in the energy sector. Yes, I am talking about the ‘Dragonfly,’ a well-resourced, Eastern European hacking group responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies in different ...

  • Many Factors Conspire in ICS/SCADA Attacks

    August 11, 2017

    Critical infrastructure operators can’t be blamed for a perpetual case of whiplash. They are mired between hackers targeting internet-facing and air-gapped systems with equal precision, and vendors and management unwilling to properly tackle security for fear of downtime and incompatibility. “The space of ICS/SCADA has not changed much, so you can find devices running old OSes ...

  • Hackers target Irish energy networks amid fears of further cyber attacks on UK’s crucial infrastructure

    July 15, 2017

    Hackers have targeted Irish energy networks amid warnings over the potential impact of intensifying cyber attacks on crucial infrastructure. Senior engineers at the Electricity Supply Board (ESB), which supplies both Northern Ireland and the Republic, were sent personalised emails containing malicious software by a group linked to Russia’s GRU intelligence agency, The Times reported. Analysts told the newspaper ...

  • Industrial control security practitioners ‘working blind’ to protect their network

    July 14, 2017

    Four out of 10 industrial control security practitioners don’t have proper visibility into their ICS networks. This is according to a new study by the SANS Institute. Based on a poll of ICS practitioners and cybersecurity stakeholders across various verticals, including energy, manufacturing, oil and gas, the report says that 40 percent of defenders are actually ...

  • Hackers are using this new attack method to target power companies

    July 10, 2017

    Phishing emails, used to steal credentials from critical infrastructure firms, can silently harvest data without even using macros, researchers have warned. Hackers are targeting energy companies, including those working in nuclear power and other critical infrastructures providers, with a technique that puts a new spin on a tried-and-tested form of cyberattack. Phishing has long been a successful ...

  • The oil and gas sector must not be complacent about cyber security

    July 10, 2017

    The recent financial pressures as a result of the oil downturn have left cyber security functions for many firms within the oil and gas sector  considerably underfunded and out of date. This has the potential to create a wealth of opportunity for cyber criminals to test their capabilities, and those operating in the oil and gas ...

  • U.S. warns businesses of hacking campaign against nuclear, energy firms

    July 1, 2017

    The U.S government warned industrial firms this week about a hacking campaign targeting the nuclear and energy sectors, the latest event to highlight the power industry’s vulnerability to cyber attacks. Since at least May, hackers used tainted “phishing” emails to “harvest credentials” so they could gain access to networks of their targets, according to a joint ...

  • Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down

    June 27, 2017

    Major firms, airports and government departments in Ukraine have been struck by a massive cyber attack which began to spread across Europe on Tuesday afternoon. In Ukraine, government departments, the central bank, a state-run aircraft manufacturer,  the airport in Kiev and  the metro network have all been paralysed by the hack. In the UK, the advertising firm WPP said ...

  • Oil & Gas Industry Faces More Frequent & Sophisticated Cyber Attacks: Deloitte

    June 27, 2017

    Three out of four oil and natural gas companies fell victim to at least one cyber attack last year as hacking efforts against the industry become more frequent and sophisticated. That’s the finding from a report released Monday by industry consultant Deloitte LLP. Technology advances, such as Royal Dutch Shell Plc’s recent control of operations in Argentina ...

  • Targeting the Energy Sector

    June 19, 2017

    When we think about critical infrastructures, we tend to think about energy. Whether electric power lines or supplies to oil and gas, cut off access to energy, and our worlds go dark. Though you can certainly argue that other industries are just as critical—pharmaceuticals, food supply and others—it is the energy sector that seems to ...

  • Dangerous Malware Discovered that Can Take Down Electric Power Grids

    June 12, 2017

    Last December, a cyber attack on Ukrainian Electric power grid caused the power outage in the northern part of Kiev — the country’s capital — and surrounding areas, causing a blackout for tens of thousands of citizens for an hour and fifteen minutes around midnight. Now, security researchers have discovered the culprit behind those cyber attacks ...

  • WAPA And Energy Industry Partners Continue Dialogue On Threats Of Cyber Attacks On Electrical Systems

    June 2, 2017

    Personnel from the Virgin Islands Water and Power Authority were among the participants in a continued discussion on Friday about the risks of cyberattacks on electric generating and distribution systems, WAPA has made known. The Cyber-Physical Modeling and Simulation for Situational Awareness (CYMSA) project is a three-year-old initiative, funded through the Department of Energy’s Office of ...