[ISN] How can SCADA security be improved for oil and gas companies

http://www.energyglobal.com/downstream/special-reports/29052015/How-can-SCADA-security-be-improved-for-oil-and-gas-companies-089/ By Deborah Galea Manager, OPSWAT. 29/05/2015 According to the recently released 2015 Dell Security Annual Threat Report, SCADA attacks are on the rise. The report found that in 2014 the number of attacks on Supervisory Control and Data Acquisition (SCADA) systems doubled compared to the previous year. Most of these attacks occurred in Finland, the UK, and the US, probably due to the fact that in these countries SCADA systems are more likely to be connected to the internet. The Dell Report came on the heels of findings from the US Industrial Controls Systems Cyber Emergency Response Team (ICS-CERT) showing that energy was the most targeted sector for attack among all critical infrastructure providers. “Since companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported,” said Patrick Sweeney, Executive Director of Dell Security. “This lack of information sharing combined with an aging industrial machinery infrastructure presents huge security challenges that will continue to grow in the coming months and years.” This does not come as a surprise to those in hydrocarbons. Many SCADA and industrial control systems (ICS) were built decades ago when cyber security was not yet an issue for the industry. There has been an inevitable collision as operational technology (OT) systems like SCADA come into closer contact with IT management modalities, introducing risks as systems not designed for outside connectivity are exposed to the internet. In addition to their importance for hydrocarbons, SCADA systems control key functions for other critical infrastructure providers, such as utilities, airports and nuclear plants. Successful attacks on SCADA systems could potentially cause disruptions in services that we all depend on every day. For this reason, SCADA attacks are often politically motivated and backed by foreign state actors with motives such as industrial espionage and major supply chain disruption. […]