Skip to main content

The biggest oil and gas threat isn't drones. It's CYBER

Brand View: With almost 50 percent of all cyber attacks in the Middle East directed at energy companies that generate most of the region's income, security of computers and other digital networks is critical

Middle East oil and gas companies are attacked on a daily, perhaps even hourly, basis. Few make headlines or cause explosions. These agressions are purely virtual.
With almost 50 percent of all cyber attacks in the Middle East directed at the energy companies that generate most of the region’s income, security of computers and other digital networks is critical.
Cyber security breaches in the region are widespread and frequently undetected, with 30% of attacks targeting operational technology (OT), according to a study by Siemens and Ponemon Institute. Two-thirds of respondents in the study’s survey experienced at least one security compromise resulting in unrestricted information loss or operational disruption in the OT environment in the past year.
Intrusions have traditionally targeted Information Technology (IT) environments such as PCs and workstations. But with more digitalization and the convergence of IT and OT, there is a new threat to confront as industry gets more connected.
While companies in the region have begun to invest in protecting their assets from cyber threats, more needs to be done. Oil and gas producers in the Middle East dedicate only a third, on average, of their total cyber security budget to securing the OT environment. This suggests that organizations are not aligning their cyber investments with where they are most vulnerable.
Securing this infrastructure requires new solutions and partners who have the expertise in everything from sensors and software to the pumps, transformers and other equipment used in the industry.
To secure OT infrastructure, Siemens developed a four step approach:
  • Intrusion detection: Siemens uses artificial intelligence and unsupervised machine learning to create a baseline for normal behavior of the network’s communication. The company then passively monitors the entire network and determines anomalies in real time, without configuration or pre-set conditions.
  • Assessment: Siemens inspects and monitors the asset to determine weaknesses or threat gaps within the OT network and among its component systems. Implementing appropriate security could include imposing one-way communication with information flowing only out from an asset.
  • Automation: Siemens makes sure the latest software and hardware updates are available and installed for the entire automation system
  • Finally, Siemens ensures that in the case of any security incident, there is a plan in place to get the plant back online as soon as possible.
To protect critical infrastructure, oil and gas companies in the Gulf Cooperation Council must accerlerate the implementation of cyber security controls, starting with connecting their critical assets to fully benefit from digitalization. By using the technology underpinning the fourth industrial revolution, the industry will be able to monitor and confront attacks on their infrastructure, in real time.

Article by: Ziad Al-Sati, Head of Controls & Digitalization for MENA, Power Generation Services at Siemens

Comments

Popular posts from this blog

Ransomware's Dangerous New Trick Is Double-Encrypting Your Data

  Ransomware groups have always taken a more-is-more approach . If a victim pays a ransom and then goes back to business as usual-hit them again. Or don’t just encrypt a target’s systems; steal their data first, so you can threaten to leak it if they don’t pay up. The latest escalation? Ransomware hackers who encrypt a victim’s data twice at the same time. Double-encryption attacks have happened before, usually stemming from two separate ransomware gangs compromising the same victim at the same time. But antivirus company Emsisoft says it is aware of dozens of incidents in which the same actor or group intentionally layers two types of ransomware on top of each other. “The groups are constantly trying to work out which strategies are best , which net them the most money for the least amount of effort,” says Emsisoft threat analyst Brett Callow. “So in this approach you have a single actor deploying two types of ransomware. The victim decrypts their data and discovers it’s not act...

Babuk ransomware is back, uses new version on corporate networks

  After announcing their exit from the ransomware business in favor of data theft extortion, the Babuk gang appears to have slipped back into their old habit of encrypting corporate networks. The criminals are currently using a new version of their file-encrypting malware and have moved the operation to a new leak site that lists a handful of victims. Gang’s still in the game The Babuk ransomware group became known at the beginning of the year but the gang says that their attacks had started in mid-October 2020, targeting companies across the world and demanding ransoms typically between $60,000 and $85,000 in bitcoin cryptocurrency. In some cases, victims were asked hundreds of thousands for data decryption. One of their most publicized victims is the Washinton DC’s Metropolitan Police Department (MPD). This attack likely pushed the threat actor into announcing its retirement from the ransomware business only to adopt another extortion model that did not include encryption....

Microsoft Teams Phishing Attack Targets Office 365 Users

  Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a “missed chat” from Microsoft Teams. Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams. In reality, the attack aims to steal Office 365 recipients’ login credentials. Teams is Microsoft’s popular collaboration tool, which has particularly risen in popularity among remote workforces during the pandemic  — making it an attractive brand for attackers to impersonate. This particular campaign was sent to between 15,000 to 50,000 Office 365 users, according to researchers with Abnormal Security on Thursday. “Because Microsoft Teams is an instant-messaging service, recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification,” said researchers in a Thursday analysis . The initial phishing email displays the name ...