Cybersecurity Concerns for Your SCADA System and Your Internet of Things

 

The natural gas production, natural gas transmission and downstream power generations industries and chemical industry are on the verge of years of growth. Why? Cheap natural gas has created demand for cheaply produced electricity and cheaply produced chemical feedstocks. With these projects, already underway and a near certainty that these projects hedged a portion of their natural gas supply, they are going to continue.

Additional demand from the export of LNG is taking over 10 Bcf of natural gas off the North American market each day. This market is shifting from a past period of over supply to a current balance and depending on the winter weather a potential period of under supply. These projects mean revitalization in the producing, transmission, generation and chemical feedstock sectors. However, times have changed since the last similar cycle. We live in an age of cyber-attacks.

In 2013, over 150 cyber-attacks specifically targeting the energy sector were responded to by the Department of Homeland Security’s Computer Emergency Response Team. That is almost three per week. Does your emergency response book even have a section for this?

Here are some steps your firm can take to avoid unnecessary exposure to attack:

  • Educate your staff about tactics employed by cyber terrorists and cyber militants. “Spear-phishing” has been identified as a tactic used by China and others. This attack uses email that appears to be from an individual or firm the recipient knows. Also, remember that foreign operatives supposedly took down the alleged uranium enrichment program of a middle east country by leaving a thumb drive in the parking lot. Someone was curious enough about that thumb drive that they plugged it into a computer on the network.
  • Update your emergency response book/procedures to include cyber-attack procedures. Also, consider joining your local Infraguard Chapter as part of a joint effort.
  • If your SCADA system is old and makes little to no effort to modernize, you are most likely at risk. The Department of Homeland Security identified over a thousand SCADA systems and related devices used in the energy industry that lacked access restriction or had substandard password protection like default passwords. A group in Russia has published a list of SCADA systems and their default passwords. When you ask your SCADA department or vendor about this topic, please see how seriously they are about your security concerns.
  • Consider whether the access privileges you are providing to staff and vendors are appropriate to the tasks they are performing. Too much access can be a bad thing.
  • Consider the risks that may be introduced into a situation by meshing old products with new smart products. Gaps may exist. Consider whether you are unnecessarily mixing products from numerous manufacturers which may also create risk.

A cyber-attack could inflict great harm to your firm by damaging your reputation, creating economic loss or causing harm to the infrastructure of our country. A modern cloud-based SCADA solution eliminates many potential gaps because there are fewer exposed interfaces. Is your browser up-to-date? Yes. You’re good to go.

When you are ready to consider a modern SCADA system, we hope you will consider AccuTrac5. AccuTrac5 version 6 is all new for 2016. Please contact us for a demonstration, sales@AccuTrac5.com.

Tags: , ,

No comments yet. Be the first!

Leave a Reply

Get in touch

817.458.7950
217 W I20, Ste 1000, Weatherford, TX 76086