Are CIOs Ready To Deal With Hackers?

Hackers pose a serious threat to CIOs, are CIOs ready?
Image Credit: Dani Latorre

As CIOs, every day is busy. We’ve got a lot of different things going on that have to do with the importance of information technology and it can be very challenging to try to get everything done. That’s why when it comes to hackers, we are aware of the problem but we may not be currently doing anything about it. The thinking goes that if we run into a problem with hackers, we’ll then free up some time and take care of things then. Perhaps this is not the best overall plan. For you see, the hackers are out there and they may have already found a way into your firm. The time to deal with them is now. Are you ready?

A Problem In Saudi Arabia

If you need an example of what hackers could possibly do to your firm if they were able to find a way in, then all you have to do is take a look at a petrochemical plant that is located in Saudi Arabia. Although you may not be responsible for a petrochemical plant, what happened there should have a number of lessons for you. Hackers were able to attack the plant and gain access to it. Once inside, the hackers got control over a safety shut-off system that in the case of a catastrophic event would be critical. This means that if something bad had happened at the petrochemical plant, it could possibly have been destroyed if the critical safety system didn’t perform as it was designed to. Clearly this is a new type of cyberattack.

Schneider Electric is the company that makes the emergency shut-off system. They have had a chance to take a look at what the hackers did. The hackers’ software has been given a name: Triton. This software was created to change the memory of Schneider devices in order to allow unauthorized programs to be run on the system. The hackers were able to do this because they had found a previously unknown bug in the Schneider code. This bug provided the hackers with the ability to control what the safety system will do if an emergency were to happen.

This is such a big deal because it appears to represent a new phase in attacks on control systems. For the person with the CIO job this is especially worrisome. These are the computers that are used to manage things like factory floors, entire chemical plants, and many different types of utilities. However, this is not the first of these types of attacks. The best known one was the Stuxnet attack. This attack was discovered in July of 2010. Stuxnet was responsible for manipulating the industrial control systems that ran the nuclear centrifuges. This hack programmed the machines to destroy themselves.

Lessons Learned

There are lessons to be learned from the hacking attempts that we know about. The Stuxnet hack was a joint operation by the U.S. government and the Israeli government to derail Iran’s nuclear weapon program. The Saudi hack appears to be a work that is still under construction according to the security experts who have had a chance to examine the code. The actual objective of the code is not yet clear. A difference between the two hacks is that the Triton hack goes after safety-instrumented systems. These systems are different from the industrial controllers that the Stuxnet hack went after. The Triton hack goes after the systems that act as a plant’s last line of defense in the case that there is a situation that could lead to either an explosion or a spill.

The Triton hack is causing CIOs so much concern because it is the first known breach of the safety system layer. Where the real danger in all of this lies is what comes next. CIOs fear that as the Triton hack is improved, there will be a logical next step. That step will require the Triton and the Stuxnet hacks to be combined. When this happens, the hackers will be able to take control of both the machines that are operating on the factory floor as well as the safety control systems that are there to prevent anything from going wrong if one of the machines on the floor has a failure. This kind of attack could disrupt a plant and its safety backup systems.

The problem at the Saudi plant started when the hackers were able to gain access to an engineering workstation. Once they had done that, they were then able to reprogram a 16-year-old version of a Schneider product. Schneider learned that their system had been hacked because of a call that they received from a customer. The customer informed them that one of the company’s systems had “tripped”. The result of this action was that the entire plant had shut down. From a CIO point of view this starts to show the scope of the problem that we are facing. If we don’t find a way to detect and deal with hackers, all of our operations may be at risk.

What All Of This Means For You

There is no doubt that the person in the CIO position has their hands full. Every day is filled with decisions that have to be made, challenges that have to be met, and new technologies that have to be evaluated. However, it turns out that the problem of hackers getting into the company’s systems is becoming an even bigger problem. Now CIOs are going to have to spend time thinking about how they want to deal with this issue.

Hackers breaking in has suddenly jumped to the top of a CIO’s issue list because of a petrochemical plant in Saudi Arabia. The hackers got control over a safety shut-off system that in the case of a catastrophic event would be critical. The hackers’ software has been given a name: Triton. The hackers were able to install their software because they had discovered a previously unknown bug in the Schneider Electric software. This attack is important because it appears to represent a new phase in attacks on control systems. Of great concern to CIOs is what could happen if hackers were able to combine the Stuxnet hack with the Triton hack. They could take over a complete facility and its safety control systems. Schneider learned of the hack when a customer reported that a plant’s safety control system had “tripped”. CIOs need to understand the threat that they are facing and start to take action.

There is no doubt that CIOs are busy. However, as the Saudi petrochemical plant event shows us, hackers are becoming a serious threat to our companies. CIOs need to start to take steps to make sure that hackers will be kept out and that if they do get in, the effects can be minimized. Taking action today will save CIOs a world of hurt tomorrow.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: How much time do you think that CIOs should be spending on the hacker problem?


What We’ll Be Talking About Next Time

All CIOs have heard about big data by now: the tsunami of data that is washing over every company and the struggle that they have to collect it, store it, and then process it in order to create actionable information. As a CIO, when we think about big data we are faced with a number of questions having to do with the importance of information technology that we have not had to deal with in the past. Is this going to require a new architecture? Will new platforms be required? These are all questions that we are going to have to be able to answer, but first we need to make sure that we understand the questions.