Oil and gas sector in Gulf region ‘prone to cyber attacks’

Manama / Tribune news service

Old and outdated systems running the oil and gas sector in the Gulf are vulnerable to cyber attacks, according to a security expert. Hackers keep exploiting this weakness which is reflected in the sharp rise in the number of attempts reported by a global cyber security watchdog monitoring the
situation.
“The underlying technology that powers the oil and gas sector is vulnerable to cyber attacks because of technical and operational constraints that do not easily allow these systems to be properly maintained from a security standpoint,” said US-based Red Tiger Security executive director Jonathan Pollet.
“The sector running on old and outdated hardware and software keeps it in a ‘forever vulnerable state’,” he told the GDN. Security hackers are targeting this weakness, proof of which is the 743 per cent increase since 2010 in the number of vulnerabilities reported to the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
“The technology that monitors oil and gas commodities, SCADA (supervisory control and data acquisition) has to operate on a 24/7 basis, so it is difficult to keep these systems up-to-date with the latest security patches and updates.”
“Many SCADA systems were deployed years ago on old outdated hardware and software, and since they still work, these systems are not being refreshed or updated. That means that they are running on old operating systems like Microsoft Windows XP, for which there are no longer patches available and is in a forever vulnerable state.”
“SCADA system vendors are hesitant to vet third party security software agents like Antivirus, Application Whitelisting or other forms of end-point security. So, most SCADA systems do not have the same level of end-point protection as corporate IT systems, yet they are running on similar platforms.”
“Even if they could install end-point security software on these systems, getting new signature updates down to them is difficult since these systems are often sitting behind one or more firewalls without Internet access.”
“SCADA systems are often configured with a default password during the commissioning stage and they are set up to not require a change of password. Pollet said that the number of cyber attacks in the industrial sector has also increased with targeted campaigns against the sector.”
“Since 2010, the number of vulnerabilities reported to the US ICS-CERT has increased by 743pc, which means that security researchers, hackers and the overall security community are much more aware of the vulnerabilities. The number of cyber attacks in the industrial sector has also increased with several targeted campaigns that have been made against the oil and gas, energy and petrochemical sectors. Attacks such as stuxnet, flame, mahdi, shamoon and blackenergy (malwares) show how well the adversaries understand industrial control systems and the sophistication of their creation.”
“Several attacks have recently used watering hole techniques to target and infect professional engineers’ laptops with malware that specifically looks for OPC (Object Linking and Embedding for Process Control) servers.” OPC is a software interface standard that allows Windows programmes to communicate with industrial hardware devices.
“This tells us that the adversaries not only understand how SCADA and ICS systems work but they are also able to create custom malware and use new techniques to deliver the malware to the systems that would most likely give them access to the heart of the system.”