(Bloomberg) -- Hackers are increasingly targeting industrial facilities, from oil refineries to nuclear power plants, with sophisticated attacks aimed at capturing data and remotely controlling the sites, according to a Honeywell International Inc. executive.
Honeywell has seen evidence of threats from nation-states and "sponsored attackers" backed by nations in two-thirds of the 30 industrial sectors the company tracks at its Duluth, Georgia-based cyber research lab, according to Eric Knapp, chief cyber security engineer at Honeywell Process Solutions. The unit provides cyber security for more than 400 industrial sites worldwide, including oil and gas producers, chemical and power plants, natural gas processors, and mining and water treatment facilities.
"We’ve seen that there’s definitely increasing exposure to what we call high-capability threat actors," Knapp said in a phone interview. "Nation-state and sponsored attackers are definitely out there, and they’re definitely focusing on these industries."
|Ukraine attack
Knapp wouldn’t name specific countries but said that the advanced hacking methods being detected are typically associated with nations or groups they sponsor. A U.S. indictment unsealed in March accused a hacker based in Iran of gaining remote access to a computer controlling a dam in Rye, New York, for about three weeks beginning in 2013, while six other Iranians attacked U.S. banks and companies including the New York Stock Exchange, Nasdaq, Bank of America Corp., JPMorgan Chase & Co. and AT&T Inc. Iran rejected the accusations.
In December, hackers in Ukraine showed the potential for an online attack to inflict real-world damage by disrupting power to tens of thousands of people. Destructive malware knocked out at least 30 of the country’s 135 power substations for about six hours.
Honeywell’s Knapp said hackers typically seek data or log-in details that give them access to industrial-control systems at the facilities, letting them digitally manipulate the operations from afar.
"We’ve seen administrative credentials for sale. We’ve seen specific access to specific industrial facilities for sale" online, Knapp said. "If I were to peruse the black market and I didn’t have any scruples, I could say, ‘I want to access this facility,’ and I can purchase the access to that, which is scary."
|Attackers craft malware
One-third of malware Honeywell has detected at industrial facilities entered the control system’s network through infected USB drives plugged in by users.
Companies have built stronger networks around their control systems, making direct access more difficult for hackers. Instead, attackers craft malware to hit a company’s more vulnerable corporate system and then infect any removable USB drives attached to that network. The control system’s network, housed separately, is breached when a worker plugs the infected USB drive into it.
"There’s still a need for information to flow between the business and the control system," Knapp said. "The bad guys know that they need to go in that way so they’re designing their attacks to take advantage of that."
Other challenges include costly measures needed to update industrial control systems to respond to current cyber threats. Some facilities are also using control systems that are three to four decades old, Knapp said.
"There’s just an inherent challenge in protecting these systems," he said. "In a lot of cases, because of the age of systems they predate cybersecurity."
Copyright 2018 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.