Iranian Cyber Attack Highlights The Cost of Unsecure Control Systems
Last week, it was widely reported across the world’s media that Iran’s national oil company was the subject of a cyber attack, followed by nearly three days of impact assessment.
The virus, which hit the oil ministry and the national oil company, forced Iran to disconnect the control systems of Kharg Island, an export hub for Iran’s crude and oil facilities, bringing production to a halt. While there was no immediate threat to health and safety, the breach caused loss of data and has necessitated the replacement of this information, delaying the return to full production. In addition, it has raised serious concerns about the security of their systems and their software management.
This latest attack will undoubtedly result in a review of software security. However, past experience has shown that there are no “Silver Bullet” solutions for protecting software from internal and external attacks of this nature.
Why is process software security so important? In 2010, research carried out for the 2011 Global Information Security Survey by CIO Magazine and PwC showed that 43 percent of security incidents were perpetrated by insiders. While unintentional breaches can occur, a user, employee or contractor can also deliberately infiltrate a system to steal data for sale or to disrupt IT services.
According to the research, the average loss from a single security breach incident was $875,146. Forty-two percent of respondents surveyed reported financial loss as the biggest impact of security breaches, and thirty percent reported intellectual property theft as the second biggest impact. Thirty percent of respondents said their business’s reputation had been compromised by a security breach, while seventeen percent of respondents had experienced fraud due to security breaches and fourteen percent reported loss of shareholder value due to cyber security issues.
Given the company’s statement that there were no threats to health and safety, the next key question is the effect on production and the associated revenues. To minimise these losses, companies need not only to look at protection but also to ensure that they have adequate software management and back-up for their data and process-critical software, as required by the many Standards, Regulations and Guidelines (including 61508 and 61511 amongst others) governing these procedures. Effective “back-up” will allow such companies to access the right version of “clean” software from a secure source that is protected from any unauthorised access.
Asset Guardian can provide such back-up. It is a proven solution for protecting the integrity of Process Critical Software and providing an effective disaster recovery tool. Should a breach such as this latest example occur, Asset Guardian will provide the affected business with the ability to resume business as normal as quickly as possible.