There has been an unprecedented amount of press lately around new cyber-attacks in the chemical industry during the last year. In a string of cyber-attacks, hackers have stolen critical formulas and plans from major chemical companies.
In August 2012 Saudi Aramco, Saudi Arabia’s national oil company and the largest in the world, has confirmed that is has been hit by a cyber-attack that resulted in malware infecting 30,000 workstations.
This is just the latest of a series of cyber-attacks dubbed as “Shamoon” to have affected the energy and pharmaceutical sectors in the last months. Other recent attacks include “Flame”, “Duqu” and “Stuxnet”
Several attacks were recently uncovered by the largest computer security software manufacturer, Symantec, which reported the hackers aims were corporate espionage rather than a terrorist attempt to procure chemicals.
“The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage” said Symantec.
A report from Cisco indicates as in 2011, among the top 10 pharmaceutical and chemical industries were at the highest risk of malware attacks by cyber-crime. The second annual cyber-crime survey carried out from the Ponemon Institute illustrates that the median annualized cost for cyber-crime among large-sized organizations reached $5.9 m per year in 2011, a cost increase of 56% from the prior year.
These studies indicate Cybercrime costs economies billions annually, with chemical, petrochemical and pharmaceutical companies among the hardest hit.
Clearly, companies that do not pay adequate attention to their IT security are at risk and implications of cybercrime within the chemical, petrochemical and pharmaceutical industry go beyond the obvious financial damage.
Cybercrime also sparks off legal implications through customer and client lawsuits, loss of productivity due to crimeware infections and subsequent downtime, as well as personal accountability for company executives held directly responsible for data breaches. This can lead to brand damage, since once chemical and pharmaceutical organisations are exposed in the media for breaching data, it can be difficult to recover public trust.
Challenges faced by those industries include how to protect corporate IP to reduce the incidence of theft of high value information such as formulas and production systems, how to secure critical infrastructures from cyber-attacks and in general creating a culture for security through on-going awareness campaigns that will help to protect them.
All of this issues will be addressed by Qatalyst Global at Cyber Security for Chemical Industry USA conference.
The event will be held from 27-28 September in Houston, Texas, USA together leading C-level practitioners from Corporate IT Security and Process Control Departments from the Chemical, Petrochemical and Pharmaceutical companies across North America to discuss best practices on securing and preventing organizations from cyber-attacks.
On 22nd August 2012, Stuart Wagner, Executive Director, IT Security & Compliance at Enterprise Products and President at ISSA South Texas Chapter, has been appointed Chairman of this conference; together with all the other speakers they will provide a multidisciplinary approach to tackle the fundamental challenges in Cyber Security by identifying the emerging Cyber Security Threats and Trends looking at new technologies and the changing digital arena and how this impact Cyber Security.
Confirmed speakers include: Scott von Fischer, CISO, Lyondell Bassell, Marc Othersen, CISO, Hess; Lisa Kaiser, Director, Control Systems Strategic Planning Department of Homeland Security; Ramachandra Hegde, CISO, Praxair and many more.