Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Data ManagementITPolicy and GovernancePrivacySecurity

Seek and Destroy: U.S. Energy Firms Warned of Recent IT Threats

onlinetech
onlinetech
5 Min Read
cybersecurity

cybersecurityLast Thursday, the U.S. government released a warning about the increasing risk of cyber attacks targeting critical energy corporations; seeking to destroy or manipulate industrial machinery in attempts to seize control of networks that deliver energy or run industrial processes, according to NYTimes.com and Washington Post.

cybersecurityLast Thursday, the U.S. government released a warning about the increasing risk of cyber attacks targeting critical energy corporations; seeking to destroy or manipulate industrial machinery in attempts to seize control of networks that deliver energy or run industrial processes, according to NYTimes.com and Washington Post.

According to the Washington Post, the unclassified alert was issued by the Depart. of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team or ICS-CERT, and released on a computer network accessible only to authorized industry and government users (hence why you won’t find a link to the report here).

NYTimes.com reports a key distinction in the latest warnings about the potential new attacks as attempts to destroy, rather than just obtain or steal information from U.S. companies. While the majority of previous attacks have been motivated by gaining competitive advantages by stealing trade secrets, the newest threats appear to be motivated by the intention to shut down industrial machinery and energy delivery.

More Read

Hybrid IT Service Delivery
No Encryption or BAAs: Keep PHI Off Unsecure Clouds
Big Data and Cloud Computing Demand a Cognitive Shift
Data, Energy, And The Smart City: A Conflicting Relationship
Hackers at the World Cup: Beware the Risky Free WiFi in Brazil’s Soccer Stadiums

The article also reports that senior officials briefed on the latest attacks claimed they targeted the administrative systems of 10 major unnamed U.S. energy companies. Another U.S. official reports the warning was released after intrusion to a corporate system that deals with chemical processes. The Washington Post also reports that foreign adversaries have been probing the computer systems that operate chemical, electric and water plants.

In February, an executive order was issued to direct federal agencies to provide timely information about threats to cybersecurity to the industry to enable proactive measures to protect their company and consumers, as well as critical infrastructure. The latest warning points out that the most likely targets, such as phone networks and electric utility grids are privately owned entities and not federally-run.

What is currently going on with federal cybersecurity? NYTimes Tech Blog, Bits, reports that the Dept. of Homeland Security has recently lost four top cybersecurity officials as they departed from office in the last four months – including Richard Spires, the former CIO of DHS, who did not provide a reason for resignation after being on administrative leave since March 15, according to the Washington Business Journal. The agency reports needing to expand its workforce by as many as 600, citing a need to employ a large number of skilled hackers to keep up with developing threats.

Back in last November, I wrote an article, Another Dead End for U.S. Cybersecurity? on the struggles of passing a cybersecurity bill in Senate that would set standards for companies that operate critical U.S. infrastructure, including power grids and chemical plants. While the executive order recently administered may supersede the twice-stalled and once-revised bill, significant time (potential R&D time) has been lost in thwarting bipartisan attempts in national cybersecurity.

NYTimes.com reports that there are no clear technical security standards outlined in the warning from last week other than to adhere to best practices that “many computer professionals already advise.” So, why not read up about our technical security services and also industry best practices, from daily log review to two-factor authentication for VPN (Virtual Private Network) to web application firewalls (WAFs).

Encrypting data, whether at rest or in transit, is another best practice that can enhance data privacy while meeting federal and industry data security compliance standards. Join our upcoming Encryption – Perspective on Privacy, Security & Compliance webinar on June 11 and submit your security questions in advance for a chance to discuss encryption with security professional Chris Heuman, Practice Leader for RISC Management and Consulting.

References:

Cyberattacks Against U.S. Corporations Are on the Rise
Tough Times at Homeland Security
U.S. Warns Industry of Heightened Risk of Cyberattack
Richard Spires Resigns as DHS CIO After Taking Administrative Leave

(image: IT threats / shutterstock)

TAGGED:
Share This Article

Follow us on Facebook

Latest News

AI supply chain
AI Tools Are Strengthening Global Supply Chains
Artificial Intelligence Exclusive
data analytics and truck accident claims
How Data Analytics Reduces Truck Accidents and Speeds Up Claims
Analytics Big Data Exclusive
predictive analytics for interior designers
Interior Designers Boost Profits with Predictive Analytics
Analytics Exclusive Predictive Analytics
big data and cybercrime
Stopping Lateral Movement in a Data-Heavy, Edge-First World
Big Data Exclusive

Stay Connected

You Might also Like