Cyber Attack - Are You Protected?

Feb 05, 2018

Written by: Timothy Dicks

This article was written in January 2018 for the 2018 Quarter One newsletter.

Energy has a clear role to play in daily life; powering everything from our recreational electronics to the buildings in which we spend our time to the critical services and infrastructure we count on. That criticality can make energy infrastructure an attractive target for malicious actors. And worse, there are some characteristics of that infrastructure that can make an attack easier than you might expect.

One danger building owners and managers should be aware of is the threat to industrial control systems. These come in many forms, but in generic terms, an ICS is the system that manages and regulates processes that are key to a facility's operation. These systems provide efficient ways to control energy use and processes - but also offer bad actors a single point of penetration that can give them the ability to turn off the lights and even destroy equipment.

This danger made headlines in 2015, when hackers used stolen credentials obtained through email phishing to hijack the power grid in Ukraine. With nothing more than the login information needed to remotely access key systems, malicious actors shut down power to a large part of the country, affecting hundreds of thousands of customers.

Energy companies, governments and large companies across the world took notice - as well as action to guard against such attacks. But the Ukraine incident has implications for anyone in control of systems that keep infrastructure working. What steps can you take to limit the risk to networks and systems in facilities you control?

    Safeguard credentials. The Ukraine attack demonstrates the importance of watching out for phishing attempts, in which attackers use spoof emails or other methods to fool someone into providing access to sensitive information, including passwords. Be careful what you click - especially if an email or website looks suspicious.
    Log and monitor access to systems. Be especially vigilant about remote access, and review logs for strange activity or logins from unusual locations.
    Keep Systems updated and patched. Control systems have log loves, meaning they need to be regularly maintained to guard against new dangers.
    Work with cybersecurity and/or IT resources if your organization has them. Partner with internal resources to protect software and systems crucial to your infrastructure.

Threats to cybersecurity are constantly evolving - but by staying vigilant, we can help protect critical information and thwart attempts to gain control of the key systems and infrastructure we count on.

Category: Industry Insights

Web Sponsors

Flynn Logo.pngStinson Services Minneapolis Commercial Roofing Contractors.png   2022 Website Logo - MN Roadways.png   identisys logo.png    Modern-Heating-and-Air.png