Thursday, September 27, 2012

Attacks on Energy Equipment Vendor like Attacks on Defense Contractor


In 2009 reports emerged that attackers had breached defense contractor systems and stolen data related to the F-35 Joint Strike Fighter. Not knowing what was seen and what was stolen, it means we may always have some uncertainty about how much adversaries know about this plane's combat capabilities and other secrets.

In 2011 we got news that the same contractor was attacked again, albeit this time, perhaps, with less success.

Now comes a network breach of a major critical infrastructure telemetry and control systems manufacturer and it sounds like they may have lost some of the design specs and software at the heart of one of their most important and widely deployed systems.

Systems used by electric utilities, gas utilities and some of the largest oil companies in the world.

How much the company itself knows or will come to know about the scope of the loss may never be known. But as with the F-35 above, current and future users of its equipment, now have a new dose of uncertainty they're going to have to (risk) manage somehow.

In a perfect world, of course the best approach is to prevent these breaches in the first place. But at least they detected them and can initiate  forensics and emergency response plans.

You can read various accounts here:
As well as a Telvent press release announcing a new approach to securing itself and its systems.

Photo credit: Horia Varlan @ Flickr.com