Dragonfly is back. That was confirmed in September 2017 when Symantec published a report disclosing that, over a two-year period, Dragonfly-affiliated hackers had been attempting to compromise energy industry infrastructure. The sticking point in this latest security revelation is the damage caused by the breach: none. It seems the hackers were trying to discover how power supply systems work and what could be compromised and controlled as a result, rather than inflicting chaos on our critical infrastructures. But the signs are there… Those of us in the security industry know how important it is that we communicate openly, clearly and with transparency about the threats we face in today’s networked world. However, all too often, this still doesn’t have the required effect of motivating those responsible for protecting critical systems to adopt good security practice. While in this instance we are fortunate that our infrastructures continued to operate as normal, there are lessons to be learned.
What were the attack vectors?
The energy sector is caught in the crosshairs. Industrial Control Systems and critical national infrastructure have always been lucrative targets. Everyone from bedroom hackers to state-sponsored spies has wanted to breach critical systems since the dawn of the networked era.
The important revelation in this latest research, and the one that could help prevent a breach in the future, is the methods detected. Techniques such as email phishing, Trojan malware and watering hole websites were utilised: attack vectors which are all well understood and can be easily mitigated. The lesson for those of us who protect industrial infrastructure, then, is not that our power stations are at risk. Rather, we must focus on improving our ability to detect a breach and ensure that, if one occurs, we can get our clients back to productivity as soon as possible.
Mitigating the risk
The energy sector can’t afford to view security as a necessary evil. It’s every bit as vital as the power stations and supply lines themselves. At Applied Risk, we recommend that firms build multi-layered defences which combine strong access control (two-factor authentication), segmentation of critical systems and networks, logging and monitoring, user education and regular penetration testing.
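Segmentation and monitoring only pay off if someone checks that traffic actually respects the zone boundaries. The script below is an added illustration of that check, written for this article; it is not Applied Risk’s tooling. It assumes a hypothetical three-zone layout (corporate IT, an ICS DMZ and the control network), a small allow-list of permitted zone-to-zone flows, and a simplified firewall log format; the log lines, IP ranges and timestamps are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical zone layout for a small plant (assumed for this example, not a real site).
ZONES = {
    "corporate_it": ipaddress.ip_network("10.10.0.0/16"),
    "ics_dmz":      ipaddress.ip_network("10.20.0.0/24"),
    "control":      ipaddress.ip_network("192.168.100.0/24"),
}

# Permitted (source zone, destination zone) pairs. Any other pair is a segmentation
# violation: the control network must only be reached through the DMZ, and must never
# initiate connections to the outside world.
ALLOWED = {
    ("corporate_it", "corporate_it"),
    ("ics_dmz", "ics_dmz"),
    ("control", "control"),
    ("corporate_it", "ics_dmz"),   # engineers reach the jump host / historian mirror
    ("ics_dmz", "control"),        # only the DMZ may talk into the control network
    ("control", "ics_dmz"),        # controllers push data out to the historian
}


@dataclass
class Flow:
    timestamp: str
    src: str
    dst: str
    dport: int
    action: str


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the defined ranges is 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def parse_line(line: str) -> Flow:
    # Assumed log format: "<timestamp> src=<ip> dst=<ip> dport=<n> action=<allow|deny>"
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return Flow(ts, fields["src"], fields["dst"], int(fields["dport"]), fields["action"])


def audit(lines):
    """Return permitted-but-forbidden flows (violations) and denied cross-zone attempts (blocked)."""
    violations, blocked = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        f = parse_line(line)
        src_zone, dst_zone = zone_of(f.src), zone_of(f.dst)
        if (src_zone, dst_zone) in ALLOWED:
            continue
        record = (f.timestamp, src_zone, dst_zone, f.src, f.dst, f.dport)
        if f.action == "allow":
            violations.append(record)   # firewall let a forbidden flow through
        else:
            blocked.append(record)      # boundary held, but worth knowing someone tried
    return {"violations": violations, "blocked": blocked}


# Constructed sample log: one legitimate jump-host session, one IT host going straight to a
# PLC on Modbus/TCP, one controller calling out to the internet, one blocked inbound probe,
# and one legitimate historian upload.
SAMPLE_LOG = """\
2017-09-06T10:01:12Z src=10.10.4.21 dst=10.20.0.5 dport=3389 action=allow
2017-09-06T10:02:40Z src=10.10.4.21 dst=192.168.100.12 dport=502 action=allow
2017-09-06T10:03:05Z src=192.168.100.12 dst=203.0.113.5 dport=443 action=allow
2017-09-06T10:03:50Z src=198.51.100.7 dst=192.168.100.30 dport=502 action=deny
2017-09-06T10:04:10Z src=192.168.100.12 dst=10.20.0.9 dport=5432 action=allow
"""

if __name__ == "__main__":
    result = audit(SAMPLE_LOG.splitlines())
    for v in result["violations"]:
        print("VIOLATION", *v)
    for b in result["blocked"]:
        print("blocked  ", *b)
```

Run against the sample, the audit flags two violations (corporate IT reaching the control network directly, and a controller talking to an external address) and records one blocked inbound attempt. In practice the zone table would come from the firewall’s own object definitions, and the allow-list would be reviewed alongside the penetration-testing findings so that the policy being enforced is the one the design actually intends.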
We also encourage closer collaboration with partners and peers to ensure that the security we put into one part of a networked system isn’t undermined by a weakness elsewhere. That means better communications between energy companies, vendors and integrators.
Time is not on the industry’s side. Now that we know these weaknesses exist, energy companies must get the implementation of new technologies right to strengthen their defences. Get it wrong, and those crosshairs could prove fatal.
Contact us to learn more about Applied Risk’s ICS/SCADA Security Assessment & Penetration Testing.