Mixing ERP and production systems: Oil industry at risk, say infosec bods


November 18, 2015

Black Hat Europe Hackers might be able to bridge the gap between supposedly air-gapped systems in oil and gas production by pivoting from enterprise planning onto production systems.

Vulnerabilities and insecure installations in SAP business software and other enterprise systems might be used to interfere with loosely-couple but nonetheless connected industrial control systems, security researchers from ERPScan warn.

Alexander Polyakov and Mathieu Geli outlined the risk during a presentation at last week’s Black Hat Europe conference in Amsterdam. As a worse case scenario, insecure setups might be exploited to interfere with operational processes and lead to disruptions in production or even sabotage.

Read full story…