April 28, 2011

"Night Dragon" Example of Cyber Attacks

For my final note to Smart Grid Cyber Security Week, I wanted to draw your attention to "Night Dragon," a cyber attack on energy companies which a pal brought to my attention a few weeks back. According to this TechWorld article:

"Chinese hackers working regular business hours
shifts stole sensitive intellectual property from energy companies for
as long as four years using relatively unsophisticated intrusion methods
in an operation dubbed "Night Dragon," according to a new report from
security vendor McAfee.

The oil, gas and
petrochemical companies targeted were hit with technical attacks on
their public-facing Web sites, said Greg Day , director of security
strategy. The hackers also used persuasive social-engineering techniques
to get key executives in Kazakhstan, Taiwan, Greece, and the U.S. to
divulge information."

The article describes the method of attack and why McAfee experts trace it to China. It also highlights many of the common challenges that ensuring grid cyber security will entail, such as unknown attribution of attacks and lags in detection. This piece offers a concrete public example of the issues we've been touching on all week.

Sleep tight, energy companies!