Apparent cyberattack hits Iranian oil facility

When the PR emails start flooding my inbox on the same topic -- this alleged attack on a major Iranian oil export terminal, for example -- it usually means one of two things: It's either a very big deal or a bunch of hyperbole to grease the wheels of the security vendor publicity machine.

I'm still not sure which it is in this case. So I'm going to give everyone the benefit of the doubt and show you some of what the security experts are saying.

First, some background, courtesy of Reuters:

Iran is investigating a suspected cyber attack on its main oil export terminal and on the Oil Ministry itself, Iranian industry sources said on Monday.

A virus was detected inside the control systems of Kharg Island - which handles the vast majority of Iran's crude oil exports - but the terminal remained operational, a source at the National Iranian Oil Company (NIOC) said.

The virus, which is likely to draw comparisons with the Stuxnet computer worm which reportedly affected Iranian nuclear facilities in 2009-10 [ID:nPOM731768], struck late on Sunday.

It hit the internet and communications systems of Iran's Oil Ministry and of its national oil company, the semi-official Mehr news agency reported. Computer systems controlling a number of Iran's other oil facilities have been disconnected from the Internet as a precaution, the agency added.

Hamdullah Mohammadnejad, the head of civil defense at the oil ministry, was reported as saying Iranian authorities had set up a crisis unit and were working out how to neutralize the attacks.

IT systems at the oil ministry and at the national oil company were also disconnected to prevent the spread of any virus, the Mehr news agency said.

The oil ministry's own media network, Shana, quoted a spokesman as saying some data had been affected but that there was no major damage.

Now for comments from a couple of experts:

Dr. Parveen Jain, president and CEO of RedSeal Networks:

The real news here is that this type of campaign could clearly have a serious and detrimental impact, both financially and socio-politically. The reality is that many of the SCADA systems used through industries such as oil, electric and water systems are based on legacy computing technologies that were deployed before concerns of cyber threats were a reality. These systems cannot be ripped and replaced, and won’t be. It’s not feasible. Neither is the idea of removing some of the Internet-based management controls that have put them at greater risk, because they’re much needed tools for smarter management of distributed power systems, etc.

The only solution for this problem is for infrastructure providers to do everything that they can to ensure that their systems are protected effectively at all times. They have to know that the defenses they’ve put in place are indeed functioning properly and that they cannot be easily hacked. As with critical data, or any other mission-critical computing systems, the answer is the same in every scenario. Companies, and the industry regulators that oversee them, need to make sure that the security systems that they’ve already invested in are actually effectively working. It’s not about fear-mongering over cataclysmic implications, as big of an attention getter as that may be. It’s about making sure that basic controls are in place, that segmentation is enforced, that policies are enforced, which in itself is hard without automation, given today’s complexity and rate of business-driven change.

Brian Contos, security director & consumer security strategist at McAfee:

There is a strong expectation that we are going to see more attacks targeting critical infrastructure around the world. Recent attacks on critical infrastructure have demonstrated vectors that work and are being copied by actors ranging from cyber criminals to hacktivists and nation-states. Attacks on critical infrastructure are more common than many think. Because of a lack of disclosure in these industries many incidents ranging from sabotage and intellectual property theft to extortion go unreported. Most organizations within critical infrastructure operate with a mix of legacy and modern equipment leveraging applications and protocols that facilitate both. This duality makes their assets vulnerable to a wider range of attacks than organizations in industries like retail and finance.

Copyright © 2012 IDG Communications, Inc.