The energy sector is vital for our industrial society to function properly. Fuel, electricity and petroleum sustain key industries, including agriculture and transportation. Should the world’s top 10 economies be concerned that cyber criminals could go after their critical infrastructure?
It’s been seven years since the malicious computer worm Stuxnet was detected, and 12 since it was created as part of a partnership between the US and Israel to destroy Iran’s nuclear program.
Now, the US government is concerned hackers are seeking to target nuclear and energy companies across the country, writes Reuters.
"Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict," reads a recent report by the FBI and the US Department of Homeland Security.
At the end of June, US federal authorities announced they were investigating security breaches related to at least one nuclear power plant malfunctioning in South Carolina. Following serious hacking activity this year and proven vulnerability to cyberattacks of industrial computer systems, a warning has been issued about phishing campaigns and other strategies hackers deploy to infiltrate networks.
The US is not the only country to deal with cyberattacks on its plants. In June, a number of critical infrastructures in Ukraine were taken offline after they were infected with Goldeneye ransomware.
And it all comes down to enforcing a dedicated cybersecurity strategy based on the notion that grid infrastructures are built to operate for decades and can’t be updated as often as other systems. For now, Singapore seems to be the country with the fewest cybersecurity gaps, followed by the US, Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France, Canada and Russia, says The Global Cybersecurity Index, a U.N. International Telecommunication Union (ITU) survey. India came 25th, ahead of Germany and China.
"The degree of interconnectivity of networks implies that anything and everything can be exposed, and everything from national critical infrastructure to our basic human rights can be compromised," it says.
Of the 193 member states, 38 percent published a cybersecurity strategy and as little as 11 percent have a standalone strategy. Why is it difficult for rich countries with advanced technology to deploy an optimal cybersecurity strategy, and how much of a role does wealth play?
"There is still an evident gap between countries in terms of awareness, understanding, knowledge and finally capacity to deploy the proper strategies, capabilities and programs," reads the report.
Unless secured, each device connected to the grid turns into a vulnerability for network architecture, as does an employee who can’t recognize imminent danger. To reduce the number of vulnerabilities, “it is important to develop a cybersecurity culture where citizens are aware of the trade-off between risks and monitoring when using electronic networks,” especially in the context of IoT prevalence.