The BND warns of cyber attacks on German LNG (liquefied natural gas) terminals. The threat to critical infrastructure is greater than ever. The war in cyberspace is becoming internationalized far beyond the actual crisis regions.
A few days ago, the President of the BND (Federal Intelligence Service), Bruno Kahl, warned of cyber attacks on the new LNG (liquefied natural gas) terminals in Germany. Since the Russian attack on Ukraine, it has become clear that the war in cyberspace is becoming internationalized and leaving traces beyond the actual crisis region. Among other things, Germany is relying on LNG as an alternative to Russian gas supplies and is quickly building its own infrastructure for this purpose.
Threats come from China and Russia
Kahl still sees Russia and China as the largest source of cyber threats for Germany. State actors in both countries are intensively active in cyberspace to damage politics, administration, business, research and society in Germany. Attacks from significantly smaller states can also be observed.
“The identification of liquefied natural gas (LNG) terminals as a possible target, as stated by the President of the Federal Intelligence Service (BND), shows the national risk of cyberattacks,” said Bernard Montel, EMEA Technical Director and Security Strategist at IT security provider Tenable. “In the event of a successful attack, there is an obvious risk of disruption to the service itself, as the attackers aim to disable the OT infrastructure that supports the functionality of the lines, as was the case in the attack on Colonial Pipeline in the US
Cyber attacks on industrial targets are not new
There is also a risk that cybercriminals will access production data, which could also impact the quantity and quality of gas conversion, as was the case in the attack on a water treatment plant also in the USA. A data breach or even destruction (wiping attack) could significantly or even permanently impact the company's ability to recover.
While the threat to critical infrastructure has never been greater and the risk of harm to citizens is even greater, this is not a new battlefield. Attacks on industrial targets have been known in Europe for many years, including the German multinational engineering and steel production group ThyssenKrupp AG, the security and mobility solutions provider Rheinmetall, the Aurubis copper smelter, the three wind energy companies Enercon, Nordex and Deutsche Windtechnik, and many others.
Monitor attack paths to minimize risks
To mitigate risk, companies must first understand and assess their attack surface from an IT and cyber perspective. This includes assessing the underlying technical infrastructure to determine the threat and identify points of attack. This may seem like a colossal task given the large number of IT systems, but also the interdependent OT systems. Security teams need to map their infrastructure holistically to get a complete picture of what systems support the entire LNG terminal. With a complete and daily updated map, which we call ‘attack paths,’ cybersecurity managers can monitor their IT and OT assets and efficiently and effectively identify any potential vulnerabilities that could be exploited by attackers.”
Critical infrastructure systems are becoming more complex
“In times of intense geopolitical tension and conflict, nation states will continue to escalate their defensive and offensive actions in cyberspace. The goal is to impact and disrupt critical resources of their opponents while defending their own resources, infrastructure and systems,” adds Sascha Spangenberg, cybersecurity expert at Lookout. “With so much of our lives now relying on digitalization, the scope of what is considered “critical infrastructure” for our lives has expanded massively.
Critical infrastructure systems for power generation and distribution, water treatment, wastewater disposal and other areas are becoming increasingly complex in order to be able to control them more intelligently. Just a few decades ago, power grids and other critical infrastructure were operated in isolation using OT systems. Today, OT and IT environments are much more interconnected, making them more vulnerable to cyberattacks. The energy industry is increasingly becoming the focus of attackers, including cybercriminals looking for quick money and nation-state actors waging war using digital means.
NIS2 policy includes mobile devices
The NIS2 Directive introduced by the European Union aims to strengthen the security and resilience of critical infrastructure and digital services. Originally designed for network and information systems, the policy has been extended to mobile devices to reflect their importance in today's digital landscape. NIS2 sets requirements for incident reporting, security measures, risk management and collaboration, and requires infrastructure managers to protect users and their data from potential cyber threats. The policy introduces several requirements for mobile device security, including increased security, improved incident response, improved risk awareness and increased collaboration.
Mobile device security measures are essential
The increasing use of mobile devices to access critical infrastructure is also attracting the attention of cybercriminals seeking to exploit vulnerabilities and gain access to sensitive data. In response, NIS2 recommends, among other things, mobile threat defense (MTD) solutions as important tools for protecting mobile devices and sensitive information.
MTD solutions are an essential part of the NIS2 policy as they provide advanced protection against mobility-specific threats. They are designed to detect and mitigate risks posed by a variety of mobile threats, including malware, phishing attacks, network spoofing, and device vulnerabilities. These solutions typically combine multiple security techniques, such as real-time threat intelligence, behavioral analytics and machine learning, to detect and respond to emerging threats in real time.”
More at Tenable.com
About Tenable Tenable is a Cyber Exposure company. Over 24.000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.