Think cyber security is a 21st century problem? Think again.

For years, we’ve worried about hackers or malicious software gaining access to our personal information and corporate data.

But only recently have businesses begun taking these threats seriously.

The number of cyber attacks is

increasing exponentially, particularly

in businesses responsible for creating

and maintaining critical

infrastructure.

In late 2009, targeted cyber attacks labeled Night Dragon were conducted against

global oil, gas and petrochemical companies. The attacks used social engineering

methods like spear phishing and took advantage of vulnerabilities in Microsoft

Windows and Microsoft Active Directory to gain access to confidential systems. Once

inside, hackers used remote administration tools (RATs) to control the systems and

harvest sensitive, confidential information.

Through the attacks,

companies in the oil and gas

industry learned that they too

are vulnerable to the types of

attacks that those in the

consumer sector have faced

for years.

In response to this surge of illegal

activity, the United States Department of

Homeland Security created ICS-CERT,

which records cyber security incidents

and aims to develop solutions for

demonstrated vulnerabilities in industrial

systems.

ICS-CERT: Industrial Control Systems Cyber Emergency Response System

According to ICS CERT’s quarterly newsletter The Monitor, a whopping

40% of the cyber-attacks reported in 2012 targeted the energy industry. Saudi Aramco: a disgruntled insider used

Shamoon malware to target and take down some 30,000 work stations.

Televent Canada: hackers breached internal firewalls and security systems, gaining access to OASySA SCADA information that could be used in future attacks on industry control systems.

RasGas Co: a targeted assault used a virus to shut down the company’s website and email servers

JP Morgan Chase & Co. and Wells Fargo: distributed denial of service (DDoS) attacks took down the websites of national banks and disrupted customer transactions for hours.

Of the cyber incidents of 2012, many targeted notable oil and gas companies:

In light of the rise in cyber attacks, people in power are starting to pay attention:

“The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the nation’s critical infrastructure in the face of such threats.”

-President Barack Obama

In February, President Barack Obama signed an executive order with the goal of preventing cyber security attacks.

As the federal government takes action, ABI Research estimates that cyber security spending on oil and gas critical infrastructure will reach $1.87 billion by 2018.

Unfortunately, we have adopted technology faster than we can adapt to it.

Hackers have the ability to search YouTube for information on how to access this technology, and they can even access step-by-step instructions for bringing infrastructures down.

So what can your company do about it?

You must be aware of potential threats to your business and put mitigating factors in place. And someone must continually monitor and update your systems in order to react to the data you collect.

It starts with being prepared.

Now is the time to stop being reactive and start being proactive.

You must first identify vulnerabilities to develop fit-for-purpose solutions.

Cyber security strategies are complex and multi-layered. In the defense-in-depth approach, security is like an onion with your

data at the center and surrounded by radiating layers of protection.

defense-in-depth protects your Data at its core and includes protective measures in each of the following layers:

• Application• Host security

• Internal network• Perimeter• Physical

• Policies and procedures

Download our brief on cyber security! Learn more about Industrial Cyber Security at

CIMATION.COM/CONTACT-US