"Explosive" cyber attacks in Oil and Gas are life threatening
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
The focus of most cybersecurity discussions relate to protecting money, reputation and information. Within financial institutions, it is often a threat to personal or company finances. In the telecommunications industry, it is more about personal identity information or intellectual property theft. At a government level, cyber-espionage is a relatively easy and low-cost way to acquire high-value intelligence.
However, the dangers of cyberattacks on physical infrastructure including SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control Systems) are very real, growing and frightening, as a recent New York Times article about an attack on a petrochemical company with a plant in Saudi Arabia explains.
Within the Oil and Gas sector, cybersecurity attacks can cause explosions. For a long time, these plants were not connected to networks, but now, in the interests of simplicity of management, they have all been dangerously connected. The probability of these systems being attacked - and successfully so - is now much higher. These applications are NOT designed with security in mind, because, it was not the intention to have them connected to the internet.
The NYT article details an attack that was not designed to simply destroy data, or shut down the plant, but also to sabotage the firm's operations and trigger an explosion that would likely harm other humans. Investigators said the only thing that prevented an explosion was "a mistake in the attackers'computer code", one which they believe the hackers have "probably fixed by now". Investigators believe it is "only a matter of time" before they deploy the same technique against another company successfully.
Software developers are becoming key architects who underpin the success and safety of many public and private organizations. There is no greater example than in the Oil and Gas industry. It is more important than ever that they have a better knowledge of the security implications of their work and that they learn how to code securely, whatever language or frameworks they use.
If you want to see how developers can learn about security to help protect critical infrastructure, play the following challenge:
https://portal.securecodewarrior.com/#/simple-flow/web/injection/oscmd/cpp/vanilla
The only thing that prevented an explosion was a mistake in the attackers'computer code, the investigators said.
https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html
The cyberassault was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to trigger an explosion. https://t.co/kQqcAhoW01
" The New York Times (@nytimes) March 15, 2018
A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try. https://t.co/q9UdicR7dv
" Colin Wright (@colinismyname) March 22, 2018
The attack was a dangerous escalation in international hacking, as faceless enemies demonstrated both the drive and the ability to inflict serious physical damage. https://t.co/G8bBCteouZ#CyberSecurity #NetworkMonitoring
" Elitery Indonesia (@eliterydc) March 22, 2018
A recent failed #cyberassault on a Saudi Arabian petrochemical company had a deadly goal. This @NYTimes article explains more: https://t.co/3g8oDuPijm pic.twitter.com/MfSqrXSd9u
" Symantec EMEA (@SymantecEMEA) March 21, 2018
Matias Madou, Ph.D.
Related Articles We Recommend
Related Articles We Recommend
Dive into onto our latest secure coding insights on the blog.
Our extensive resource library aims to empower the human approach to secure coding upskilling.
Get the latest research on developer-driven security
Our extensive resource library is full of helpful resources from whitepapers to webinars to get you started with developer-driven secure coding. Explore it now.
"Explosive" cyber attacks in Oil and Gas are life threatening
The focus of most cybersecurity discussions relate to protecting money, reputation and information. Within financial institutions, it is often a threat to personal or company finances. In the telecommunications industry, it is more about personal identity information or intellectual property theft. At a government level, cyber-espionage is a relatively easy and low-cost way to acquire high-value intelligence.
However, the dangers of cyberattacks on physical infrastructure including SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control Systems) are very real, growing and frightening, as a recent New York Times article about an attack on a petrochemical company with a plant in Saudi Arabia explains.
Within the Oil and Gas sector, cybersecurity attacks can cause explosions. For a long time, these plants were not connected to networks, but now, in the interests of simplicity of management, they have all been dangerously connected. The probability of these systems being attacked - and successfully so - is now much higher. These applications are NOT designed with security in mind, because, it was not the intention to have them connected to the internet.
The NYT article details an attack that was not designed to simply destroy data, or shut down the plant, but also to sabotage the firm's operations and trigger an explosion that would likely harm other humans. Investigators said the only thing that prevented an explosion was "a mistake in the attackers'computer code", one which they believe the hackers have "probably fixed by now". Investigators believe it is "only a matter of time" before they deploy the same technique against another company successfully.
Software developers are becoming key architects who underpin the success and safety of many public and private organizations. There is no greater example than in the Oil and Gas industry. It is more important than ever that they have a better knowledge of the security implications of their work and that they learn how to code securely, whatever language or frameworks they use.
If you want to see how developers can learn about security to help protect critical infrastructure, play the following challenge:
https://portal.securecodewarrior.com/#/simple-flow/web/injection/oscmd/cpp/vanilla
The only thing that prevented an explosion was a mistake in the attackers'computer code, the investigators said.
https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html
The cyberassault was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to trigger an explosion. https://t.co/kQqcAhoW01
" The New York Times (@nytimes) March 15, 2018
A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try. https://t.co/q9UdicR7dv
" Colin Wright (@colinismyname) March 22, 2018
The attack was a dangerous escalation in international hacking, as faceless enemies demonstrated both the drive and the ability to inflict serious physical damage. https://t.co/G8bBCteouZ#CyberSecurity #NetworkMonitoring
" Elitery Indonesia (@eliterydc) March 22, 2018
A recent failed #cyberassault on a Saudi Arabian petrochemical company had a deadly goal. This @NYTimes article explains more: https://t.co/3g8oDuPijm pic.twitter.com/MfSqrXSd9u
" Symantec EMEA (@SymantecEMEA) March 21, 2018
