We are not prepared for a cyber attack on Western energy infrastructure

The NSA veteran Chief General Keith Alexander fears crippling cyber-attack on Western energy infrastructure and warned that we are not prepared for that.

Security experts are warning companies in the energy industry of possible cyber attacks and Western plants are more exposed to the cyber threats. Electric grids, oil refineries and power plants are the biggest targets for cyber-attack by hackers, warns the former chief of the National Security Agency, General Keith Alexander.

Alexander, who led the U.S. battle against cyber-threats for much of the last decade, was speaking at a private dinner held by IHS CERAWeek in Texas last week, reports the Daily Telegraph.

“The greatest risk is a catastrophic attack on the energy infrastructure. We are not prepared for that,” he declared.

General Keith Alexander is considered one if the greatest cyber experts due to more than a decades of experience in the fight against cyber-threats, according to the Daily Telegraph the official was speaking at a private dinner held by IHS CERAWeek in Texas a few days ago when he expressed the fear of crippling cyber-attack on Western energy infrastructure.

The fear appear legitimate due to the recent news regarding the different cyber attacks that hit the sector, the report recently issued by the DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) related to the period September 2014 – February 2015  highlighted that the majority of the attacks involved entities in the Energy Sector followed by Critical Manufacturing. About 30 percent of the incidents hit infrastructures in the energy sector, meanwhile Critical Manufacturing (i.e. manufacturing of vehicles and aviation and aerospace components) accounted for 27 percent.

The most disconcerting aspect is that more than half of the incidents reported by asset owners and industry partners involved sophisticated APT, this means that as explained by the General Keith Alexander the U.S. and its allies are at an ever growing risk of a systemic cyber-assault.

ICS/SCADA system were targeted by several categories of bad actors, including cyber criminals, insider threats and hacktivists.

The modern economy depends on numerous factors, a major cyber attack against any entities in the energy sector (i.e. oil refinery, energy grid) could have a dramatic impact in a global scale.

“We need something like an integrated air-defence system for the whole energy sector,” added Gen. Alexander.

Alexander illustrated the possible repercussions for a cyber attack predicting that energy infrastructure would be a hacker prime target, the former NSA Chief also listed five countries that have significant cyber-warfare capabilities, the US, UK, Israel, Russia and Iran.

I agree with General Keith Alexander, and I also include in the list the China and the North Korea, two countries that are significantly investing in the definition of a new generation of cyber weapons.

We have a clear idea of the possible effects that a cyber weapon like Stuxnet could have on the critical infrastructure of a Western country.

The current NSA chief Michael Rogers recently testified that the Government of Beijing is capable of cyber-attacks that could cause ‘catastrophic failures’ of an electricity grid, the water systems or any other energy plant.

The US intelligence considers Iran as the principal threats to the country, its state-sponsored hackers appear more interested to sabotage and destructions respect Chinese peers.

“The Iranians revealed their skill in August 2012 with a taunting virus attack on Saudi Aramco, Saudi Arabia’s state-owned oil giant. Hackers erased most of the company’s emails and documents, leaving an image of a burning American flag on the computer system as their calling card. There was a similar attack on Qatar’s state-energy group RasGas. The action was a form or retaliation for economic sanctions against Iran, but also a warning shot to Riyadh in an escalating battle for Mid-East dominance by the two regional superpowers. It is highly pertinent today given comments by leading figures in Tehran that the Saudis will be “punished” for their decision to drive down the price of oil.” reported The Telegraph

Speaking of cyber threats we cannot ignore the menace represented by terrorist organizations, including the ISIS, regarding the dreaded group Gen. Alexander admitted that Western Intelligence had failed to monitor the evolution of the threat across the Middle East.

Pierluigi Paganini

(Security Affairs –  energy industry, critical infrastructure)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

3 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

17 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.