Monday, 8 October 2012

Cyber attackers target Iranian oil platforms -official

DUBAI (Reuters) - Cyber attackers have targeted communication networks on Iranian offshore oil and gas platforms in the past few weeks, but their attacks have been repelled, a state official was quoted as saying on Monday.
Iran, the world's No. 5 oil exporter, has tightened cyber security since its uranium enrichment centrifuges were hit in 2010 by the Stuxnet computer worm, which Tehran believes was planted by Israel or the United States.
Mohammad Reza Golshani, head of information technology for the Iranian Offshore Oil Company, told Iran's Mehr news agency that a cyber attack had targeted the offshore platforms' information networks.
"This attack was planned by the regime occupying Jerusalem (Israel) and a few other countries," Golshani said, adding that Iranian experts were able to repel the attacks.
"Currently telephone operations on the platforms and in the areas of Iran's oil and gas operations in the Persian Gulf are normal and have no problems," he said.
Israeli officials regularly decline to comment on allegations of any clandestine activity. Israel has threatened military action against the Islamic Republic's nuclear installations if Western sanctions on Tehran's banking and oil sectors do not persuade it to shelve its disputed atomic programme.
Western powers suspect Iran is trying to develop the means to produce nuclear weapons. Tehran says it is enriching uranium only for civilian energy.
Last week an Iranian official said cyber attackers had targeted Iranian infrastructure and communications companies, disrupting the Internet across the country.
And last month a commander in Iran's elite Revolutionary Guards said Iran was prepared to defend itself in case of a "cyber war" and deemed it more dangerous than a physical confrontation.
In April Iranian authorities said in April that a computer virus was detected inside the control systems of Kharg Island, which handles the vast majority of Iran's crude oil exports, but the terminal remained operational.
Tehran is working towards developing a national Internet system, which it says would improve cyber security. But many Iranians say the plan is the latest way to control their access to the Web, which is already highly censored.


Anyone working with SCADA or industrial control systems (ICS) in the oil and gas industry is aware of the pressure to increase productivity and reduce costs through network integration. For example, sharing real-time data from field operations with management is standard practice for most companies. Similarly, the demand for remote support has made many pipeline control systems accessible via Internet-based technologies.
At the same time, SCADA systems themselves have changed radically. Proprietary networks have been replaced with equipment using Ethernet technology. Single-purpose operator stations have been replaced with computers running Windows™, and IT software such as PDF readers and web browsers are installed in every station or control center.
These new technologies are enabling companies to implement agile, cost-effective business practices. Unfortunately, they also come at a cost - many of the same security vulnerabilities that have plagued business systems now appear in SCADA systems. Pipeline control systems are now exposed to cyber-security threats they were never designed for.
Stuxnet - The Game Changer
Cyber attacks on automation systems were considered by many to be a theoretical problem until the discovery of the Stuxnet worm in July 2010. At that moment the world changed, not only for oil and gas companies, but also for automation vendors, hackers, criminals and even governments.
Stuxnet was specifically designed to attack Siemens automation products. It was capable of downloading proprietary process information, making changes to logic in PLCs, and then covering its tracks. It employed previously unknown vulnerabilities to spread. It was powerful enough to evade state-of-the-art security technologies.
Stuxnet’s intended target was the uranium enrichment centrifuges used by Iran in its nuclear armaments program. Seizing control of the automation system, the worm was able to reconfigure the centrifuge drive controllers, causing the equipment to slowly destroy itself.
Stuxnet had a specific target, but like all attacks, cyber or conventional, there was collateral damage. Several companies in the U.S. had PLCs that were reconfigured by Stuxnet, probably by accident. No real damage, but a lot of labor charges were incurred and shutdowns occurred.
Even these problems soon stopped; software patches and anti-virus signatures soon drove Stuxnet into extinction. Unfortunately, the problem did not end there.
Stuxnet’s Children Have Arrived
The real impact of Stuxnet began to appear after the worm itself was history. Thanks to Stuxnet’s publicity, hackers and criminals discovered that SCADA/ICS products are attractive targets. These systems soon became targets of choice for public security disclosures; in 2011 the U.S. ICS-CERT released 104 security advisories for SCADA/ICS products from 39 different vendors. Prior to Stuxnet, only five SCADA vulnerabilities had ever been reported.
What was particularly concerning is that attack code was released for 40% of these vulnerabilities. This meant that the bad guys both knew where to find holes in SCADA/ICS products and had the software to exploit them.

No comments:

Post a Comment