http://www.darkreading.com/attacks-breaches/destructive-attacks-on-oil-and-gas-indus/240161700
By Kelly Jackson Higgins
Dark Reading
September 23, 2013
Some 30,000 or so hard drives were scrapped and replaced with new ones
last year on Saudi Aramco's internal corporate network after a massive
cyberattack destroyed data on the oil and natural gas company's Windows
machines. While the massive attack didn't directly affect Saudi Aramco's
oil production and exploration systems, it raised the stakes for the
increasingly targeted oil and gas industry and also raised concerns of
possible market fallout from such attacks.
The oil and gas industry today is in the bull's eye of nation-states,
hacktivists, and even cybercriminals, and, like other energy sectors, its
industrial control systems are about a decade behind the security curve of
the traditional IT environment. While Saudi Aramco said the attack was
isolated to its corporate network and didn't directly affect its
hydrocarbon exploration and production systems -- which run on isolated
networks -- the reality is that a successful cyberattack could have ripple
effects and ultimately result in real-world economic consequences in the
oil and gas markets, security and oil and gas industry experts say. It
could either directly or indirectly disrupt production, competition, and,
ultimately, prices at the pump, they say.
If Stuxnet were the tipping point for ICS/SCADA attacks, then the
data-destruction attacks on Saudi Aramco and on Qatar's RasGas gas company
last year represent a major shift from cyberspying on oil and gas
companies to more widespread destruction of their operations.
"I wonder if that's their Estonia moment," says Richard Bejtlich, CSO at
incident response provider Mandiant, who says his company has been getting
more inquiries from Middle East organizations lately. "We're moving beyond
the stage of, 'This is a problem, and how do we fix it?'"
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
