"Explosive" cyber attacks in Oil and Gas are life threatening
"Explosive" cyber attacks in Oil and Gas are life threatening
The focus of most cybersecurity discussions relate to protecting money, reputation and information. Within financial institutions, it is often a threat to personal or company finances. In the telecommunications industry, it is more about personal identity information or intellectual property theft. At a government level, cyber-espionage is a relatively easy and low-cost way to acquire high-value intelligence.
However, the dangers of cyberattacks on physical infrastructure including SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control Systems) are very real, growing and frightening, as a recent New York Times article about an attack on a petrochemical company with a plant in Saudi Arabia explains.
Within the Oil and Gas sector, cybersecurity attacks can cause explosions. For a long time, these plants were not connected to networks, but now, in the interests of simplicity of management, they have all been dangerously connected. The probability of these systems being attacked - and successfully so - is now much higher. These applications are NOT designed with security in mind, because, it was not the intention to have them connected to the internet.
The NYT article details an attack that was not designed to simply destroy data, or shut down the plant, but also to sabotage the firm's operations and trigger an explosion that would likely harm other humans. Investigators said the only thing that prevented an explosion was "a mistake in the attackers'computer code", one which they believe the hackers have "probably fixed by now". Investigators believe it is "only a matter of time" before they deploy the same technique against another company successfully.
Software developers are becoming key architects who underpin the success and safety of many public and private organizations. There is no greater example than in the Oil and Gas industry. It is more important than ever that they have a better knowledge of the security implications of their work and that they learn how to code securely, whatever language or frameworks they use.
If you want to see how developers can learn about security to help protect critical infrastructure, play the following challenge:
https://portal.securecodewarrior.com/#/simple-flow/web/injection/oscmd/cpp/vanilla
The only thing that prevented an explosion was a mistake in the attackers'computer code, the investigators said.
https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html
The cyberassault was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to trigger an explosion. https://t.co/kQqcAhoW01
" The New York Times (@nytimes) March 15, 2018
A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try. https://t.co/q9UdicR7dv
" Colin Wright (@colinismyname) March 22, 2018
The attack was a dangerous escalation in international hacking, as faceless enemies demonstrated both the drive and the ability to inflict serious physical damage. https://t.co/G8bBCteouZ#CyberSecurity #NetworkMonitoring
" Elitery Indonesia (@eliterydc) March 22, 2018
A recent failed #cyberassault on a Saudi Arabian petrochemical company had a deadly goal. This @NYTimes article explains more: https://t.co/3g8oDuPijm pic.twitter.com/MfSqrXSd9u
" Symantec EMEA (@SymantecEMEA) March 21, 2018
Resources to get you started
Trust Agent by Secure Code Warrior
Discover SCW Trust Agent, an innovative solution designed to enhance security by aligning developer secure code knowledge and skills with the work they commit. It provides comprehensive visibility and controls across an organization's entire code repository, analyzing each commit against developers' secure code profiles. With SCW Trust Agent, organizations can strengthen their security posture, optimize development lifecycles, and scale developer-driven security.
Resources to get you started
Women in Security are Winning: How the AWSN is Setting Up a New Generation of Security Superwomen
Secure-by-Design is the latest initiative on everyone’s lips, and the Australian government, collaborating with CISA at the highest levels of global governance, is guiding a higher standard of software quality and security from vendors.
Women in Security are Winning: How the AWSN is Setting Up a New Generation of Security Superwomen
Secure-by-Design is the latest initiative on everyone’s lips, and the Australian government, collaborating with CISA at the highest levels of global governance, is guiding a higher standard of software quality and security from vendors.
SCW Trust Agent - Visibility and Control to Scale Developer Driven Security
SCW Trust Agent, introduced by Secure Code Warrior, offers security leaders the visibility and control needed to scale developer-driven security within organizations. By connecting to code repositories, it assesses code commit metadata, inspects developers, programming languages used, and shipment timestamps to determine developers' security knowledge.
"Explosive" cyber attacks in Oil and Gas are life threatening
The focus of most cybersecurity discussions relate to protecting money, reputation and information. Within financial institutions, it is often a threat to personal or company finances. In the telecommunications industry, it is more about personal identity information or intellectual property theft. At a government level, cyber-espionage is a relatively easy and low-cost way to acquire high-value intelligence.
However, the dangers of cyberattacks on physical infrastructure including SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control Systems) are very real, growing and frightening, as a recent New York Times article about an attack on a petrochemical company with a plant in Saudi Arabia explains.
Within the Oil and Gas sector, cybersecurity attacks can cause explosions. For a long time, these plants were not connected to networks, but now, in the interests of simplicity of management, they have all been dangerously connected. The probability of these systems being attacked - and successfully so - is now much higher. These applications are NOT designed with security in mind, because, it was not the intention to have them connected to the internet.
The NYT article details an attack that was not designed to simply destroy data, or shut down the plant, but also to sabotage the firm's operations and trigger an explosion that would likely harm other humans. Investigators said the only thing that prevented an explosion was "a mistake in the attackers'computer code", one which they believe the hackers have "probably fixed by now". Investigators believe it is "only a matter of time" before they deploy the same technique against another company successfully.
Software developers are becoming key architects who underpin the success and safety of many public and private organizations. There is no greater example than in the Oil and Gas industry. It is more important than ever that they have a better knowledge of the security implications of their work and that they learn how to code securely, whatever language or frameworks they use.
If you want to see how developers can learn about security to help protect critical infrastructure, play the following challenge:
https://portal.securecodewarrior.com/#/simple-flow/web/injection/oscmd/cpp/vanilla
The only thing that prevented an explosion was a mistake in the attackers'computer code, the investigators said.
https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html
The cyberassault was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to trigger an explosion. https://t.co/kQqcAhoW01
" The New York Times (@nytimes) March 15, 2018
A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try. https://t.co/q9UdicR7dv
" Colin Wright (@colinismyname) March 22, 2018
The attack was a dangerous escalation in international hacking, as faceless enemies demonstrated both the drive and the ability to inflict serious physical damage. https://t.co/G8bBCteouZ#CyberSecurity #NetworkMonitoring
" Elitery Indonesia (@eliterydc) March 22, 2018
A recent failed #cyberassault on a Saudi Arabian petrochemical company had a deadly goal. This @NYTimes article explains more: https://t.co/3g8oDuPijm pic.twitter.com/MfSqrXSd9u
" Symantec EMEA (@SymantecEMEA) March 21, 2018
Resources to get you started
Women in Security are Winning: How the AWSN is Setting Up a New Generation of Security Superwomen
Secure-by-Design is the latest initiative on everyone’s lips, and the Australian government, collaborating with CISA at the highest levels of global governance, is guiding a higher standard of software quality and security from vendors.
SCW Trust Agent - Visibility and Control to Scale Developer Driven Security
SCW Trust Agent, introduced by Secure Code Warrior, offers security leaders the visibility and control needed to scale developer-driven security within organizations. By connecting to code repositories, it assesses code commit metadata, inspects developers, programming languages used, and shipment timestamps to determine developers' security knowledge.
Trust Agent by Secure Code Warrior
Discover SCW Trust Agent, an innovative solution designed to enhance security by aligning developer secure code knowledge and skills with the work they commit. It provides comprehensive visibility and controls across an organization's entire code repository, analyzing each commit against developers' secure code profiles. With SCW Trust Agent, organizations can strengthen their security posture, optimize development lifecycles, and scale developer-driven security.