Malware on Oil Rigs

Tuesday, February 26, 2013 @ 02:02 PM gHale


Malicious software downloaded by offshore oil workers incapacitated computer networks on some rigs and platforms, exposing gaps in security.

Some of the infected files — featuring pornography or music piracy, for example — were downloaded directly through satellite connections, while other malicious files came aboard on laptops and USB drives infected on land.

Oil rigs, like any major organization or company, have a target on their backs and need to develop a defense-in-depth program that can ward off or isolate attacks that could injure the network.

“The tide is slowly rising and incrementally making things better, but the exposed area is really so high that it’s not really fast enough to limit the risk,” said Misha Govshteyn, co-founder of Alert Logic, a network security company, in a Houston Chronicle report.

Malware infections have occurred at several offshore rigs and platforms, knocking some offline, security professionals said.

When infected devices connected to isolated networks, the malware spread and created problems. One instance, on a facility in the Gulf of Mexico, caused a system to lock up, Govshteyn said. “They literally had a worm that was flooding their network, and they’re out in the middle of the ocean.”

Other infections have had similarly disruptive effects, though none has involved a malicious attack that has had safety repercussions, security professionals said.

Jack Whitsitt, principal tactical analyst for the National Electric Sector Cybersecurity Organization, said in the same report that a typical malware infection on energy infrastructure would likely cause no serious problems. But he said a tailored attack, engineered to target a facility through widely distributed malware, could have dangerous repercussions.

Is that just a scare tactic, as many have employed over the years? If companies understand how Stuxnet propagated throughout the industrial control system at the Natanz nuclear enrichment facility in Iran, then it would be very easy to understand how an attacker could get into a system that controls an offshore platform.

With enough knowledge of a facility like an oil platform, refinery, or pipeline network, a cyber attack that used distributed malware could lead to physical damage, Whitsitt said.

If there is a targeted attack, preventing malware from getting onto a network is almost impossible, but a solid defense-in-depth portfolio will help focus on the attack and allow the user time to thwart the onslaught.

A Department of Homeland Security update in January said 40 percent of the intentional cyber attacks last year targeted energy infrastructure.


