September 24, 2015
For energy providers, the consequences of poor information security have moved from the cyber world to the real world.
In 2008 — before critical infrastructure cyberattacks were widespread — a devastating explosion destroyed a stretch of the Baku-Tbilisi-Ceyhan (BTC) oil pipeline in Turkey. Years later, investigators attributed the attack to cyberattackers who circumvented elaborate detection and protection systems, injecting malicious software into the pipeline’s control network.
Similar incidents have grown commonplace over the years. The Stuxnet worm ravaged an Iranian nuclear enrichment facility in 2010, while Chinese hacker groups, organized criminals and hacktivists have made numerous attempts to access or harm energy infrastructure.