More than Meets the Eye: Deceptive Cybersecurity for the Energy Sector
The energy industry is particularly vulnerable to cyber-attacks due to increased interconnectivity of energy systems, but what can be done to protect these systems? Umar Ali speaks to Tony Cole, CTO at cybersecurity company Attivo Networks, about a technology that could provide a solution.
Umar Ali (UA): How could this technology specifically help energy companies?
Tony Cole (TC): Most organisations out there today, aside from a few in some special areas, have no preventative tools that you can put on the OT side. Many of them also don’t collect telemetry, so you can’t collect any evidence from the system sitting out there.
That’s why we’ve created deceptive OT systems that can run down into the data site, we can do deceptive HDMI systems, deceptive historians, all kinds of stuff to the lowest level across the board, with a lot of energy customers running our technology today.
In fact, earlier this year in July the US Department of Energy liked it so much that they awarded a grant to Pacific Northwest National Labs in one of their own labs that named us in it, as well as their partners, to further develop deception at the lowest levels to protect the US energy grid.
Of course that’s just where the grant was done, we own the technology. So we’ll have all our customers as we further develop our capabilities in this area. We already have a lot of energy customers that are very pleased with the telemetry we were able to gather, where no telemetry was able to be gathered before.
UA: Do you have any experiences you could talk about with the technology in a real-life energy setting?
TC: I will say that many of the breaches will take place on the energy side, we catch them earlier on the production side, they’ve not moved down to the OT side. So we’re in the enterprise. And we’ll catch them early when a phishing email comes in, or when somebody gets hit by a watering hole attack, that’s very common in the energy sector.
A watering hole attack is a simple concept; if you want to target a specific organisation, you start looking at that organisation via social media, where you can start to paint a picture very quickly of what the website is.
So say if an attacker goes to Power Technology, your company, I’m sure like 99% of the companies out there will use advertisements on the web page. Those advertisement servers are quite often a target, because many of them are smaller companies, and they do third-party advertising themselves then sell that time back to magazines like yours. Many of them have limited capabilities for security, because they’re such small companies.
So they will target those companies, compromise them, and you end up with a vulnerability on your website that can compromise energy users that are focused on the target that they want. So in this instance a guy comes in, it’s not a phishing email he clicks on, he goes to your magazine and there’s malicious code on there. He sees an advertisement he likes, clicks on it, and he’s compromised.
That’s generally where we’ll catch them most of the time before they have a chance to move anywhere down to the OT side.