How much do you know about the risk of network security risks

Text/Zhou Lei

The gas station is flammable and explosive dangerous place. Security responsibility is more important than Taishan, and people pay more attention to such physical security risks. Pay attention to remote, real -time, and dynamic supervision of employees' violations and abnormal conditions. As everyone knows, gas stations connecting generalized and intelligent applications are facing more and more network security risks.

The automation software architecture, typical infrastructure and internal communication of modern gas stations determine it as a complex system that integrates IT and OT. The network attack of any node will have a connection or spillover effect. Ordinary gas stations have all attributes of the industrial control system (ICS), such as pumps, storage tanks, controllers, management systems, payment systems, etc., and connecting with corporate networks, third -party service systems and the Internet. The IT and OT infrastructure of the gas station faces the dual threat of information space and physical space, and may transform each other, thereby intensifying the adverse consequences and effects of financial, environmental, personnel, and reputation.

In recent years, various network attacks against the oil and gas industry and even gas stations have become more frequent. The latest incident occurred in January 2022. The BlackCat ransom gang attacked the IT system of the oil tank loading and unloading process of oil tank loading and unloading. 233 gas stations have to run some processes manually.

From this point of view, in the digital era of generalization of network attacks, it is impossible for gas stations to connect the public daily life. So, where is its risk point?

Part of the application system exposed to the Internet. The gas station adopts a solution connected to public services through the Internet, such as cloud -based bank payment systems or specialized vehicle management systems. For fuel management software for tracking reserves, setting prices and processing payment, remote administrators may access or even change fuel prices.

The network isolation is not strict. If the network does not have segmented or isolation, the attack can be expanded from the entrance point (such as the auxiliary equipment of the convenience store and the office) to the key component (such as fuel management control). In the gas station network, unlimited protocols (HTTP, CDP, etc.) may cause attackers to leak sensitive information to implement subsequent attacks.

Risks of vulnerabilities. Oil controllers, POS terminals and network devices, as well as loopholes in enterprise terminals and applications. This is inevitable. In addition, OT devices such as automatic fuel levels and controllers may be multiple loopholes and cannot be repaired for a long time.

Risks related to supply chain security. For example, issues of oil storage, measurement, and billing systems may cause chain reactions.

There are also some suppliers and service companies that can access certain subsystems of infrastructure, and the door to the third party can open the door to the attacker.

People may have questions. Who will attack a gas station?

Andy Bochman, an Energy Security Strategic Expert in Energy Security Strategy and the Ministry of Land and Safety, said: "If it is an infrastructure provider, you will be the goal. Once you become the target "Rob Joyce, director of the Web Security Bureau of the National Security Agency (NSA), said:" In any large network, I can say that as long as you adhere to and focus on, you can find an attack method that can be available without zero vulnerabilities and can be available. . There are too many vectors that can be easier than zero vulnerabilities, low risks and often launch attacks faster. "

As the downstream terminal and endings of the oil and gas industry, the gas station is the connection of the public daily life and this key information infrastructure industry. It must be a variety of different threat acts (from low to high division into seven levels: amateur hackers, black -produced organizations, cyber criminal gangs or hackers, network terrorist organizations, general abilities countries/regional behaviors, high -level capabilities countries/regions/regions The attack target of behavior, super capable country/regional behavior). This is not doubtful, and no luck.

Therefore, the analysis and assessment of the network security of gas stations should adhere to the integration of systematic, large security, IT and OT security.

- END -