Previously in The Sentryo Files: Industries vs Cyberattacks… After the pipeline and the water current turbine, Sentryo would like to take a look back at the attack on Telvent’s IT network in 2012.

Canadian company Telvent victim of a cyberattack on its IT network in 2012

In 2012 in Canada, the IT network of the company Telvent became the target of a cyberattack. The consequences for the company: remote customer access was disconnected, and customer and product data was stolen.

How did the attack on Telvent in 2012 play out?

The company Telvent designs supervisory control and data acquisition (SCADA) systems. In 2012, Telvent informed its customers that on September 10 a cyberattack managed to bypass its internal firewall and security systems to install malicious software. As a result, files concerning sensitive projects and customer data were stolen.

Security experts spotted elements that revealed the identity of the attackers: a group of Chinese hackers (Comment Group) associated with other cyber espionage campaigns against Western interests and known as the most active group in China (under surveillance by American intelligence agencies).

During this cyberattack, the group of hackers targeted the OASyS SCADA software and aimed, above all, to modify customer files. It finally gained access to the company’s information system (IS). Luckily, the attack halted there: the SCADA access code was not compromised. Had it been, the consequences would have gone above and beyond file theft.

We can congratulate the company Telvent on how they reacted to the situation. As soon as they found out about the cyberattack, they blocked remote access to their customers’ control systems in order to limit damage and took responsibility by informing their customers of the attack even though they were not obligated to do so.

How could they have prevented this attack?

Telvent could have protected itself from this type of attack by raising awareness within its organization of the risks related to cyberattacks and by separating its different environments. A few days after this cyberattack, Telvent announced a new partnership with a company specialized in cybersecurity. This partnership aims to reinforce the cybersecurity system for all of Telvent’s critical infrastructures with the system developed by Telvent’s partner. This system collects and analyzes all information from control systems. As such, it provides critical infrastructure operators with a clear vision of all modifications made to systems and where they come from. Telvent reacted responsibly by seeking to protect itself from future cyberattacks.

Companies developing software for industrial IS must protect development environments and ensure that they are separated from the rest of the IS. The energy sector is particularly at risk, as it is a prime target for cyberattacks.

Sources: reports drafted by the SCADA work group of the French Information Security Club (Clusif) in 2017.