Advanced cyber threats on the increase in energy sector

Energy businesses are increasingly attractive targets for cyber attackers given their high visibility, central role in the world economy and the politically sensitive nature of their global operations.

According to Arbor Networks, the security division of NETSCOUT (NASDAQ: NTCT), energy firms are being targeted every day by attackers leveraging social engineering and using partner organisations to gain access to high-value targets. The attackers mainly use credentials to stay under the radar, resulting in companies not finding out they have been breached until it’s too late.

“Many of the organisations breached have invested in layered security at their network perimeter, and have the latest technologies deployed. Unfortunately, attackers are constantly innovating and have access to many of the defensive technologies used today. This allows them to develop methods to circumvent these technologies as quickly as they are being deployed, rendering many of them useless,” explains Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks.

“Locking down the perimeter of the network to keep threats out is virtually impossible given modern working practices, BYOD, control applications, billing interfaces and partner connectivity. This list does not include what is often the weak link, from a security perspective, the human element. Once inside a network, attackers often have a significant period of time to move laterally, establish resilient connectivity and accomplish their goals discreetly,” he adds.

A critical concern is that, while the sophistication of attackers varies, the energy sector occupies a unique position within critical national infrastructure and in both national and global economies, making it a mark for ideologically and politically motivated attacks. The attacks are therefore at times aimed purely at causing disruption, rather than at financial gain for the attacker.

Hamman points out that preparation is key: “While deploying additional technologies to detect/block the latest threats as they enter networks is the approach many organisations continue to take, it is only effective at dealing with the majority of attacks. A determined adversary will, however, eventually get through these defences.”

What is needed, he stresses, is to detect any incursion or anomaly as quickly as possible, wherever it occurs. “Augmenting broad visibility with deep visibility at key locations through packet capture and metadata extraction can allow the identification of more specific threats, and access to relevant forensic data to aid investigation. But the data produced needs to be accessible and usable by our security teams,” states Hamman.

It therefore becomes imperative that security solutions maximise the effectiveness of scarce security resources and promote workflows that remain oriented around the goal – reducing business risk from cyber attack.

“This is an area of focus at Arbor, and we provide solutions that are designed from the ground up to simplify detection, validation and response to threats. Human security resources are the key asset in identifying unusual traffic or threat trends within our networks, and our solutions are designed to maximise their capability,” explains Hamman.

Arbor solutions use visualisation techniques to allow speed-of-thought navigation through large volumes of data, reducing the time spent in the threat validation/investigation process to free up time for more proactive, focused identification of potential problems which may otherwise have gone unnoticed.

“Our approach is to work with customers to deliver solutions that will ensure both service availability and security, and provide ongoing advice and intelligence on threat evolution. For instance, Arbor’s Security Engineering Response Team (ASERT) specialises in researching attack campaigns targeting the energy sector. ASERT leverages the visibility Arbor has of around 30 percent of daily Internet traffic, together with key malware and botnet analysis capabilities, to deliver threat intelligence that can be used to accurately identify threats, with additional context around any associated campaign,” he highlights.

Exclusively distributed in southern Africa by Networks Unlimited, South Africa's leading value-added distributor, the Arbor solution has three areas of focus:

  1. Always-on network perimeter protection from DDoS attacks – threats such as DDoS and other cyber-attacks need to be detected and blocked before they escalate into costly service outages.
  2. Cost-effective internal network visibility and threat detection – the greater your visibility across internal network operations, the better your ability to detect suspicious or malicious activities wherever they occur.
  3. Security analytics – speed up the investigation and triage of security events and augment existing threat detection processes with a more proactive ‘hunting’ approach. Attackers are innovating constantly; maximise the effectiveness of your security resources to counter this innovation by giving them interactive visualisations of key security data, so that threats can be identified, understood and contained more quickly.

“We realise that security teams within most African energy sector organisations are still resource-constrained, and thus we strive to be a force multiplier, maximising the effectiveness of existing network and security teams across the continent. Our end goal is to provide solutions that proactively identify zero-day or insider threats,” concludes Hamman.