Cyberattacks Against Energy and Utilities Industry Increasing

Cybersecurity fim Vectra has revealed that, while industrial control systems are in the crosshairs, most cyberattacks against energy and utilities firms occur and succeed inside enterprise information-technology (IT) networks, not in the critical infrastructure.

Published in Vectra's 2018 Spotlight Report on Energy and Utilities, these and other key findings underscore the importance of detecting hidden threat behaviors inside enterprise IT networks before cyberattackers have a chance to spy, spread, and steal. These threat behaviors reveal that carefully orchestrated attack campaigns occur over many months.

Cybercriminals have been launching carefully orchestrated attack campaigns against energy and utilities networks for years. Often lasting several months, these slow, quiet reconnaissance missions involve observing operator behaviors and building a unique plan of attack.

“When attackers move laterally inside a network, it exposes a larger attack surface that increases the risk of data acquisition and exfiltration,” said Branndon Kelley, chief information officer of American Municipal Power,a nonprofit electric-power generator utility that serves municipalities in nine states that own their own electric system. “It’s imperative to monitor all network traffic to detect these and other attacker behaviors early and consistently.”

Read the full story here.



Don't miss our latest HSE content, delivered to your inbox twice monthly. Sign up for the HSE Now newsletter.  If you are not logged in, you will receive a confirmation email that you will need to click on to confirm you want to receive the newsletter.





HSE Now is a source for news and technical information affecting the health, safety, security, environment, and social responsibility discipline of the upstream oil and gas industry.