After a series of high-profile cyber security incidents on critical infrastructures, governments and enterprises of such facilities have taken malwares seriously into considerations. Apparently, the malwares or ransomware over the past couple years, such as Stuxnet, WannaCry and Crash Override, have publically exposed the vulnerability of SCADA Networks or Industrial Control Systems in today’s power grid automation, petroleum sites and other critical infrastructures.
Most of the modern multi-story green buildings come with BAS (building automation system) for smart control of air circulation, water conservation and building climates. That is the reason why BAS-empowered buildings are sometimes referred to “smart buildings”. The BAS is a distributed control system based on computer networking to integrate monitoring and control subsystems, including HVAC (heating, ventilation and air conditioning), lighting, fire, security, humidity and other significant factors to reduce energy consumption while maintaining the comforts for the residents.
The number of targeted cyber attacks has increased exponentially over the past years, and the rate of attacks has also risen particularly on the critical infrastructure, such as power station, gas refinery and transportation. Some major incidents of cyber attack on power sectors, like the Blackenergy attack on Ukrain’s power grids and the Stuxnet on Iranian nuclear plants, cut off their data flow and disrupt utility serviceability. Due to the increased service convergence of Information Technologies (IT) and Operational Technologies (OT), there is an urgent need for more comprehensive, multi-layer security measures for CIP (critical infrastructure protection) in order to ensure secured communications and mitigate the advanced cyber treats.
Since the cyber attack of Ukraine’s power grids in December, 2015, it is clear that traditional ICS, SCADA and off-the-shelf operating systems in substation present imminent vulnerabilities for cyber attack. As the OT networks in critical infrastructures and IT-based control layer devices are more and more interconnected, there have been more loopholes exposed to cyber intruders. Since the energy infrastructures are highly critical to the economic well-beings of the societies, a successfully penetrated attack would cause devastating effects to the enterprises, the government and the people. Therefore, it is necessary to implement an industrial-grade network gateway to secure the industrial communication networks and protocols as most cyber attacks come from this channel.
Nowadays, utility productions, such as oilfield, petroleum refinery, and offshore gas drilling, have become more and more digitalized and connected. Devices deployed such as PLCs, HMIs, SCADA, sensors and embedded computing systems are inter-connected operational technologies (OT) in order to optimize automation and productions. Though digitalization and interconnections of OT devices have increased productivity and outputs for the oil and gas industry, the door is opened to cyber attacks at the same time. As a matter of fact, the numbers of cyber attacks to utility production industries have been rising continuously. According to researches, over 60% utility companies have encountered at least one attack in past years and petroleum industry is listed as one of the most targeted industries for cyber attacks