In August 2017, a cyberattack was launched against a Saudi Arabian oil and gas facility that led to an explosion at the petrochemical plant. The incident was an unsettling one, given that it was the first known attempt to target an emergency shutdown system that was implemented to save lives.
The attackers attempted to reprogram the control systems that were used to monitor the plant for issues. However, the group, dubbed TEMP.Veles, accidentally triggered a plant shutdown when attempting to disable these safety systems.
More than a year on, the cyberattack, and the malware used to orchestrate it, has now been linked to Russia’s intelligence services.
Cybersecurity group FireEye has managed to trace part of the Triton malware, a suite of hacking tools designed to take control of and destroy industrial equipment, back to the Central Scientific Research Institute of Chemistry and Mechanics, a Kremlin-backed organisation.
But why would Russia want to target a Saudi Arabian energy plant, and should the rest of the world be concerned? David Atkinson, Founder of cybersecurity system developer Senseon, shares his views.
Why would Russia be behind this attack?
While the link between the two might not be immediately clear, it comes as little surprise that Russia has been linked with the attack.
The similarities between this cyberattack and the 2015 attack on the Ukraine power grid, in which a Russian-based group disrupted energy supply to some 230,000 Ukrainians, are clear.
“Russia is globally involved in a range of significant influence and information operations. We have seen Russia linked to disruptive attacks against power stations in Ukraine before,” Atkinson said.
Authorities in the United States and United Kingdom issued a joint warning earlier this year to government bodies, large businesses and infrastructure providers that they could come under attack from Russian agents. GCHQ and the FBI warned that Russia had been testing cyber-defences in order to find vulnerabilities that could potentially be used in future attacks.
“Given that Russia’s GRU [Main Intelligence Directorate] has recently been directly linked to attacks on a global scale, it’s likely that this is a government-led attack,” Atkinson said. “Even if the intent of this attack was not disruptive, they may have been pre-positioning for future operations.”
Should businesses be concerned?
The issue with defending against attacks of this nature is that it takes a disproportionate amount of resources to defend against even the lowest-budget cyberattacks. It is possible for just a few attackers to bring down thousands of systems, companies and devices.
Russia’s cyber warfare efforts, Atkinson believes, are particularly concerning. This is due to the sheer scale of its operations.
“Russia is not the only adversary operating in this space, but it alone has 350,000 individuals dedicated to signals intelligence.
“It would be almost impossible to defend an enterprise against a concentrated attack from even 1% of the total Russian capability.”
Industries that rely on control systems, such as the energy sector, face a particularly difficult time trying to defend against attacks of this nature due to the unique technology and devices often used. The majority of protection currently offered only helps to protect standard IT infrastructure, therefore leaving industrial control systems exposed.
“Industrial Control Systems are generally designed for a 25-year operational life,” Atkinson said. “As they are incredibly bespoke, applying the latest security patches is almost impossible to do in a reasonable timeframe.”
“This means that Industrial Control Systems are extremely vulnerable and present an attractive target to motivated hackers.”
Guarding against attack
Given the difficulties faced in attempting to stop these attacks from occurring, it is vital that businesses have high-level detection systems in place to spot these threats early on.
Atkinson believes that artificial intelligence holds the key to defending against such unpredictable cyberattacks.
“Defence approaches that use artificial intelligence give content to alerts and help to spot genuine threats in the noise of busy environments, allowing organisations to respond quickly.”