In a whitepaper just released by Symantec, the global security firm examines the rising trend of attempted attacks against the energy sector, noting that in the first half of 2013, the energy sector was the fifth most targeted sector worldwide, experiencing 7.6% of all cyberattacks.
In fact, Symantec that from July 2012 to June 2013, it observed an average of nine attacks per day against the energy sector.
“Disturbingly, reports of attempted attacks against the companies and industries that supply it (the energy sector) are increasing every year,” Symantec notes.
“We are also learning that aggressors who target the energy sector also try to steal intellectual property on new technology, like wind or solar power generators or gas field exploration charts. While data theft incidents may not pose an immediate and catastrophic threat to a company, they can create a longer term strategic threat. Information stolen could be used in the future to perform more disruptive actions, warns Symantec.
Symantec notes in a blog on its website by threat researcher Candid Wueeston that its research has found that modern energy systems are becoming more complex, and that there are supervisory control and data acquisition (SCADA) or industrial control systems (ICS) that sit outside of traditional security walls.
“And as smart grid technology continues to gain momentum, more new energy systems will be connected to the Internet of Things, which opens up new security vulnerabilities related to having countless connected devices,” Wueeston writes.
Wueeston goes on to say: “In addition to this, many countries have started to open the energy market and add smaller contributors to the electric power grid, such as private water power plants, wind turbines or solar collectors.
“While these smaller sites make up only a small portion of the grid, the decentralized power input feeds can be a challenge to manage with limited IT resources and need to be carefully monitored to avoid small outages that could create a domino effect throughout the larger grid.
“We see the need for a collaborative approach combining IT and industrial component security to protect the industry’s information. To partner in this effort, Symantec has conducted an in-depth study into attacks focused on the energy sector that took place in the past 12 months. This research presents the facts and figures, and covers the methods, motivations, and history of these attacks.”