The energy industry is particularly vulnerable to cyber-attacks due to increased interconnectivity of energy systems, but what can be done to protect these systems? Umar Ali speaks to Tony Cole, CTO at cybersecurity company Attivo Networks, about a technology that could provide a solution.
Umar Ali (UA): How could this technology specifically help energy companies?
Tony Cole (TC): Most organisations out there today, aside from a few in some special areas, have no preventative tools that you can put on the OT side. Many of them also don’t collect telemetry, so you can’t collect any evidence from the system sitting out there.
That’s why we’ve created deceptive OT systems that can run down into the data site; we can do deceptive HDMI systems, deceptive historians, all kinds of stuff to the lowest level across the board, with a lot of energy customers running our technology today.
In fact, earlier this year in July the US Department of Energy liked it so much that they awarded a grant to Pacific Northwest National Labs in one of their own labs that named us in it, as well as their partners, to further develop deception at the lowest levels to protect the US energy grid.
Of course that’s just where the grant was done; we own the technology. So we’ll have all our customers as we further develop our capabilities in this area. We already have a lot of energy customers that are very pleased with the telemetry we were able to gather, where no telemetry was able to be gathered before.
UA: Do you have any experiences you could talk about with the technology in a real-life energy setting?
TC: I will say that many of the breaches will take place on the energy side; we catch them earlier on the production side, before they’ve moved down to the OT side. So we’re in the enterprise, and we’ll catch them early when a phishing email comes in, or when somebody gets hit by a watering hole attack, which is very common in the energy sector.
A watering hole attack is a simple concept; if you want to target a specific organisation, you start looking at that organisation via social media, where you can start to paint a picture very quickly of what the website is.
So say if an attacker goes to Power Technology, your company, I’m sure like 99% of the companies out there will use advertisements on the web page. Those advertisement servers are quite often a target, because many of them are smaller companies, and they do third-party advertising themselves then sell that time back to magazines like yours. Many of them have limited capabilities for security, because they’re such small companies.
So they will target those companies, compromise them, and you end up with a vulnerability on your website that can compromise energy users that are focused on the target that they want. So in this instance a guy comes in; it’s not a phishing email he clicks on, he goes to your magazine and there’s malicious code on there. He sees an advertisement he likes, clicks on it, and he’s compromised.
That’s generally where we’ll catch them most of the time before they have a chance to move anywhere down to the OT side.