Preventing Network Security Threats At Sub-Contractor Level: A New Approach To Pipeline Security

By Stephen Coty, Director Threat Research, Alert Logic | February 2014, Vol. 241 No. 2

Network security for pipeline systems is one of the top priorities noted by the Interstate Natural Gas Association of America (INGAA). That isn’t surprising when you consider that the energy industry has been a prime target of network attacks and data breaches over the last two years, both from corporate espionage “agents” interested in stealing confidential geophysical data, financial data and passcodes, and from hacktivists with political and social motivations to embarrass organizations.

However, hacking directly into a global energy company’s network – or the pipeline controls themselves – is nearly impossible due to the robust and expensive network security defenses that these large enterprises have in place. Instead, hackers look for the weakest link in network security and launch a brute force attack against it. In most cases, that weakest link is the smaller IT networks of sub-contractors and other vendors who have connectivity to client systems through VPNs.

In another emerging scenario, cyber attackers are gleaning business and personal information on sub-contractor employees from social media sites to craft email phishing schemes that allow them to infiltrate their clients’ networks and steal valuable data using malware and Trojans. The use of employee-provided computer devices and applications – BYOD and BYOA policies – in the workplace increases this vulnerability.

Regardless of the approach or the motivation, the cyber criminals stalking the networks of energy companies have discovered a convenient and usually unlocked “back door” in industry contractor networks. However, oil and gas companies can shut and lock this back door by taking proactive steps to ensure that all network communications with their contractors are as secure as their internal enterprise systems. This article looks at several key areas of technology and best practices for preventing brute force and malware network security threats at the sub-contractor level.

A Critical Security Threat
First, let’s look at the seriousness of security threats against energy companies today. The performance of energy pipelines impacts every sector of the global economy. Loss of energy services, especially during peak temperature seasons, would have a devastating effect on both businesses and individual households. Moreover, the danger of explosion or gas leaks due to tampering with SCADA PLCs presents an enormous physical threat to both energy workers and the public at large.

Despite these significant domestic security concerns, the fact remains that the industry’s highly valuable geophysical data and critical SCADA industrial control systems make energy a tantalizing target for cyber criminals. Around 60% of Alert Logic’s customers in the energy sector have experienced brute force attacks, such as those using botnets and malware to compromise network vulnerabilities and take control of systems. SCADA, in fact, is the most attractive and, unfortunately, often the most vulnerable target, as proven by these three devastating malware programs expressly developed over the past three years to take down SCADA systems:

● 2010 - The Stuxnet worm primarily targeted industrial control systems, with the goal of modifying the code running in Programmable Logic Controllers (PLCs) in order to make them deviate from their expected behavior.