Energy infrastructure cyber risk outlook for 2016
What are the likely cyber risks the energy sector will encounter in 2016?
CSO | Apr 28, 2016
The U.S. Energy Sector’s SCADA and ICS networks often are criticized in the press for being outdated, non-standardized, and difficult to manage because of inscrutability to all but a select few. I prefer to think of those as advantages.
Our infrastructure for SCADA and ICS are heterogeneous and distributed. Combine those advantages with the high bar for insider knowledge or engineering expertise necessary to understand and operate these systems and you have created a natural, layered defense! Still, threats and their corresponding risks exist.
My audacious risk predictions for the remainder of 2016 address the nature of the cyber threat and the potential for the energy sector to encounter it during the year. The risks are divided into High, Moderate, and Low. I’ve based these upon the basic Risk Equation: Risk=Threat x Vulnerability x Cost.
Cyber crime – high risk. Administrative systems are most at risk. Commonality of operating systems and the ability of utilities to pay large ransoms make the energy sector a very attractive target for ransomware and data theft.
Hacktivism – moderate risk. Hacktivists often focus on social issues. The energy sector may be targeted after accidents that affect the environment. DDoS intrusions remain a threat to administrative and customer service systems
Cyber espionage – moderate risk. Actors will continue to probe and insert persistent backdoors or other malware. In spite of declarations and treaties, cyber espionage will probably remain at current levels for the next year.
Cyber attack – low risk. The potential for effective, coordinated cyber-physical attacks involving intrusion into U.S. energy networks is low.
