In April, KraftCERT published its sector-specific threat assessment for the petroleum and power sector. The assessment points to a need for increased vigilance in both IT and OT systems. In the IT sector, phishing and the misuse of legitimate tools (living off the land) are highlighted as key attack methods, while, in the OT sector, exposed services, open ports and poorly secured equipment are identified as major risk factors.

IT and OT

  • IT (Information Technology) deals with data and information.
  • OT (Operational Technology) refers to technology that controls, monitors and optimises physical processes and machinery in industry.

Cybercrime is still reckoned the most persistent threat. In addition, it is considered likely that pro-Russian hacktivists will attempt to target vulnerable, internet-exposed infrastructure.

Attacks on IT systems are considered probable. Such attacks can impact operations and, where IT and OT are closely integrated, may lead to operational disruptions. Poorly secured OT systems are also particularly vulnerable.

What does this mean for the sector?

KraftCERT considers it likely that threat actors will also carry out operationally disruptive attacks. The assessment highlights that the most likely scenario is ransomware attacks on IT systems that cause operational disruptions. Such disruptions might entail preventive shutdowns or isolation of OT and production. They will be affected by companies’ uncertainty as to the scale of an attack.

KraftCERT emphasises that it is highly unlikely that threat actors will succeed in launching denial-of-service attacks against secured OT equipment.

KraftCERT also considers it highly unlikely that there will be successful destructive attacks against OT systems in the short term. This is because such attacks are extremely resource- and expertise-intensive, require in-depth knowledge of both the facility in question and the physical processes involved, and necessitate the development and precise use of advanced malware.

Artificial Intelligence in the threat landscape

Technological developments also help shape the threat landscape. Artificial Intelligence (AI) is accelerating the pace of cyber threat development, particularly for threat actors with limited capabilities. But this does not alter the fundamental structure of the threat landscape.

KraftCERT considers it highly likely that AI will increase the volume of attacks, particularly from less sophisticated actors. AI can streamline information gathering and lower the threshold for carrying out attacks.

Equally, the assessment emphasises that AI introduces new attack surfaces, with the potential for new entry points and lateral movement within networks. AI systems can also constitute vulnerabilities in and of themselves.

Effective measures require situational awareness

To implement effective measures, organisations must have good situational awareness. This awareness must be developed through a combination of the organisation’s own experiences and assessments, those of other organisations, the national threat landscape and sector-specific assessments.

Havtil encourages companies to continue using established platforms for collaboration and information exchange, with each other, with the authorities and with the sector response network for the petroleum sector.

KraftCERT’s package of measures, describing actions to counter the various threats, will be published in autumn.

The threat assessment is available in Norwegian only.