#CyberFLASH: Alarming gaps in cyber security identified by a new survey of Canadian energy companies

Alberta-Energy-to-discuss-cyberthreats-on-oil-and-gas-infrastructureOnly one in five Canadian energy companies could respond and recover quickly from a cyberattack, according to Deloitte Canada’s 2015 Cybersecurity survey for Alberta’s auditor general.

This is Deloitte’s first assessment of IT security risks to Alberta’s oil and gas industrial control systems (ICS), which are devices that control pumps and valves, detect leaks in pipeline operations, among other functions. The study found that right now, attacks on industry exploiting unsecured ICS are not common and may not be an immediate risk to Alberta’s oil and gas industry, but that doesn’t mean it should rest easy.

“If those who want to harm Alberta’s oil and gas industry obtain the skills needed to do so, the risks to Alberta increase,” the report authors stated.

In 2010 the world learned that a virus, called Stuxnet, successfully attacked ICS used in Iranian nuclear facilities. The Stuxnet virus attacked programmable logic controllers, a type of ICS which is also readily used in oil and gas operations.

Recently, a German steel mill was attacked by manipulating and disrupting ICS so that a blast furnace could not be shut down, resulting in “massive physical damage.”

Alberta is not immune to security risks targeting ICS. According to the auditor general report, a sophisticated cyber attack was detected against a Calgary-based company that supplies ICS remote administration and monitoring tools and services to the energy sector in Alberta. 

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.