The energy industry provides the foundation for our economy and life as we know it, and any disruption in the services it provides can have disastrous consequences for the nation as a whole. It is an industry which faces unique challenges with a complicated technological ecosystem, from the physical machinery on the sea floor, to a complex supply chain reliant on multiple systems, to national grids delivering energy into homes.
Last Friday, ransomware took centre stage in one of the largest outbreaks ever, hitting companies in the energy industry such as Gas Natural. WannaCry is just the tip of the iceberg. Even if you weren’t compromised this time, now is the time to act to make sure that your systems are protected for the next time this happens, and it will.
Get legacy systems up to scratch
Too many companies continue to rely on out-of-date legacy systems which are not properly maintained.
Update passwords, configuration and security settings on these machines as legacy systems may have been implemented without customisation or changes to the original configuration. Ensure these risky configurations, like default password usage and easily discoverable and exploitable settings, are updated.
As many companies are now painfully aware, patching is important. See if any patches are available from the vendor and update if possible. Systems with out-of-date patches provide an easy way for cybercriminals to get in. Where operational reasons prevent patching, indirect mitigation can be used until proper patching can take place.
Change how you think about cyber security
The Microsoft Windows vulnerability exploited by EternalBlue has had a patch available since March. Were companies who didn’t patch not aware of how critical this was? Were vulnerability management and IT operations teams simply overwhelmed by the sheer number of vulnerability alerts from that huge dump as well as the thousands of others they receive on a daily basis and just hadn’t yet patched the EternalBlue vulnerability?
At the moment, the cyber security reaction from many businesses is like the captain of a ship hit by a torpedo, who only knows he must keep pumping out sea water without actually knowing where the breach in his ship is.
If the energy industry wants to keep up with attackers, it needs to rethink its approach to vulnerability and threat management, and rethink it quickly. Cybercriminals are moving fast, and it’s easier than ever for them to gain access to exploits that can deliver devastating malware like the WannaCry ransomware variant.
Security programs must evolve from simply an exercise of trying to patch everything all the time toward a focused, intelligent, action-driven program that considers real-world threats. This threat-centric vulnerability management approach means correlating multiple factors to determine the risk a vulnerability poses. This will allow teams to manage the huge volume of “known” vulnerabilities that are potential threats and narrow them down to a small, manageable number of vulnerabilities that are identified as imminent threats — exposed vulnerabilities known to be exploited in the wild.
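The narrowing described above can be sketched in a few lines of Python. This is an added example, not code from the author or from any product: the field names, asset names and placeholder vulnerability identifiers are all constructed, and it assumes each finding has already been enriched with exposure and threat-intelligence data. It also applies the earlier point that a finding which cannot be patched for operational reasons gets indirect mitigation until it can.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str             # placeholder identifier, not a real CVE
    severity: float          # scanner base score, 0-10
    exposed: bool            # reachable from an untrusted network
    exploited_in_wild: bool  # threat intelligence reports active exploitation
    patch_available: bool
    patch_blocked: bool      # operational reasons prevent patching right now

# Constructed sample inventory (hypothetical assets and identifiers).
INVENTORY = [
    Finding("hmi-01", "VULN-PLACEHOLDER-1", 8.1, True, True, True, True),
    Finding("file-srv-02", "VULN-PLACEHOLDER-1", 8.1, True, True, True, False),
    Finding("historian-03", "VULN-PLACEHOLDER-2", 9.8, False, True, True, False),
    Finding("web-04", "VULN-PLACEHOLDER-3", 9.1, True, False, True, False),
    Finding("eng-ws-05", "VULN-PLACEHOLDER-4", 5.0, True, True, False, False),
]

def action_for(f: Finding) -> str:
    """Patch when possible; otherwise fall back to indirect mitigation."""
    if f.patch_available and not f.patch_blocked:
        return "patch"
    return "mitigate-until-patched"

def triage(findings):
    """Split findings into imminent threats (exposed AND exploited in the
    wild) and the remaining potential threats, each ordered by severity."""
    imminent, potential = [], []
    for f in findings:
        bucket = imminent if f.exposed and f.exploited_in_wild else potential
        bucket.append(f)
    order = lambda f: (-f.severity, f.asset)
    imminent.sort(key=order)
    potential.sort(key=order)
    return {
        "imminent": [(f.asset, f.vuln_id, action_for(f)) for f in imminent],
        "potential": [(f.asset, f.vuln_id) for f in potential],
    }

if __name__ == "__main__":
    result = triage(INVENTORY)
    for asset, vuln, action in result["imminent"]:
        print(f"IMMINENT  {asset:<14}{vuln:<22}{action}")
    for asset, vuln in result["potential"]:
        print(f"potential {asset:<14}{vuln}")
```

The two highest-scoring findings in the sample land in the potential list because one is not exposed and the other is not known to be exploited, which is the difference from a severity-only ordering.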
This is just the beginning
Cybercriminals are moving fast. It’s easier than ever to gain access to exploits that can deliver devastating results with a high ROI, like the WannaCry ransomware variant. This is only the beginning, and if the energy industry is to keep up and stay ahead of hackers, it needs to take an entirely different approach to vulnerability and threat management.
Recently, a team from Trend Micro working with researchers from Politecnico di Milano hacked an industrial robot to draw a squiggly line instead of a straight one. This fairly harmless hack on a robot gripping a stylus looks a lot more serious on one using a welding rig.
The energy industry needs to act now.
Ravid Circus is vice president products with Skybox Security.