When the energy and utility industry is the target of a cyber-attack the stakes are higher than in other industries because a cyber-attack has the ability to actually endanger the public.
Recently, an amateur hacker took over the tornado warning system for the city of Dallas, Texas, and set off 156 sirens just before midnight. While this caused confusion and was an inconvenience for people that thought it was real, if there were an actual tornado at that time, the consequences could have been catastrophic.
One of the significant problems the utility industry faces is that the majority of infrastructure they have in place was designed at a time where cyber threats were not nearly as common. This, coupled with legacy systems that may no longer supported by the original vendors, are a major factor into why this industry could be more at risk than others that face the challenges of IT security.
Several years ago NY State Electric & Gas was breached by inappropriate access through a service provider’s account through the improper sharing of log in credentials. Over 1.8 million records were stolen, including Social Security numbers, birthdates and financial data. This lead the New York State Public Service commission to do a data security review with every utility provider in the state. Loss of PII is always cause for concern, not just over the loss of customers, but also from lawsuits stemming from the subsequent identity fraud and other criminal behavior resulting from such breaches.
Petroleum companies regularly have to deal with quick hit hackers attaching skimming devices to their consumer gas pumps. It is one of the most common ways hackers exploit this industry for financial gain, but even more dangerous is the potential for the non-consumer hacking in this industry.
If a pipeline or oil drilling company operating in the Gulf of Mexico had a hacker gain access to systems that control the temperatures of rig apparatuses, they could potentially elevate the temperatures to heights that could cause mass explosions on the rigs, which could be harmful not only to those working on the rigs, but to the environment as well, and could have disastrous consequences if a pipeline ran through a highly populated area.
Another example would be if a hacker was able to get a hold of an energy grid. A cyber-attack could potentially shut down the power in a major city. While this sounds like the plot of a Hollywood action movie, it is actually plausible.
The IT security issues that companies face are no longer just at the level of the network. It could be argued that there is no longer a perimeter to defend, but rather companies need to defend the digital identities of those they employ, the equipment they use, and the vendors they do business with. With the addition of IOT, mobile applications and BYOD, securing those identities has become more complex than ever.
IDMWORKS knows firsthand the unique challenges that our customers in the energy and utility industry face when it comes to IT security. We can help secure your organization’s identities, identify gaps in security to prevent and create awareness of possible attacks, and deliver a strategy to educate your employees, contractors and partners on the risks of being careless with their access.