Top Five Cyber Targets

According to an article on SCMagazineUs.com chemical facilities are in three of the top five industrial sectors susceptible to web-based malware attacks. According to the March 12th article:

“Based on an analysis of 200 billion web requests processed by the security company [ScanSafe] on behalf of its worldwide customer base, the top five verticals most susceptible to web malware infection were energy and oil, pharmaceutical and chemical, engineering and construction, transportation and shipping and travel and entertainment” (emphasis added).

Currently the target appears to be the vast amounts of intellectual property stored on these systems; information that apparently is being sold to competitors. Unfortunately there is no reason that these criminals will limit their sales to competitors. How much would terrorist organizations pay for access to information about security systems or routings of high-risk chemical shipments? Why Not Sell Access The article only deals with intellectual property theft, but there is no reason that the elements behind these data thefts will necessarily continue to limit their criminal activities to just theft. Process control systems that are electronically linked to facility business systems will inevitably become lucrative targets. Last year the FBI reported that there had been Eastern European electrical power system controls that had been hacked to hold the systems for ransom. As malware authors expand their repertoire there is little reason to believe that high-risk chemical facilities will be spared the threat of having control of their production systems seized for ransom demands. Once that capability has been demonstrated, it opens up the possibility of the malware authors selling access to control systems. An easy way to reduce competitive pressures in tight economic markets would be to access a control system and induce expensive process upsets or equipment shutdowns in a competitors manufacturing system. Even engineering a few noticeable environmental releases could increase a competitor’s manufacturing and regulatory costs. Of even more concern would be the selling of control system access to terrorists. Even if stand-alone safety systems were to prevent a catastrophic process upset, a serious process disruption could provide the level of facility confusion necessary to allow for a successful terrorist attack on the facility. Comprehensive Cyber Security It is becoming increasingly obvious that all organizations are going to have to take a hard look at their cyber security measures. High-risk chemical facilities are going to have to protect both their business and control computer systems from cyber attack.