Modern hackers need modern cyber security

Knowledge of the industry is essential to protect critical infrastructure

Today, companies have to protect themselves against national cyber-attack centres that have ultramodern equipment and limitless budgets. DNV has specialized in cyber-security expertise relating to the control systems in the maritime sector and in the power and oil & gas industries. We combine this with IT-security expertise 'under the same roof' in order to provide the all-round handling of cyber security that is needed to resist nationally driven attacks. 


Modern hackers have far more resources than we think

We have all heard about the “ordinary” hackers. The lone wolf who wants to show the world what he can do, the criminal gang motivated by financial gain such as fraud and blackmail and the cyber terrorists. But now, these cyber-attack centres have far more resources than most people are aware of. In its most organized form modern hackers have access to researchers, ordinary working hours and pension contracts. When major powers possess such aggressive attack capacity, with more or less limitless budgets, it is wise to protect yourself. 

The motivation for these hackers is not at all about finance or prestige. Their main motivation is related to positioning and escalation in connection with national conflicts. Some kinds of critical infrastructure are particularly vulnerable to these kinds of hacker attacks: oil and gas installations, maritime fleet and logistics controls, telecoms infrastructure and all kinds of power stations, power supply and networks. 


Good cyber security is crucial 

Good cyber security regarding critical infrastructure can save companies and nations from enormous financial losses, huge material damage, environmental disasters and, in the worst case, the loss of human life. Cyber ​​security must be a priority if you want to be competitive in today's market. The company must understand and be able to demonstrate that the security works effectively. 

Digitalization of the business processes leads to an increase in the attack surface. Various threatening actors can exploit vulnerabilities to gain unauthorized access to the company's crown jewels. Customers expect more from those who handle their information, and in addition, many companies have to comply with ever higher demands from supervisory authorities.


Ethical hacking 

Cyber attacks are of increasing concern in a wide range of industries including the maritime, oil and gas, and energy sectors. Information warfare is gathering intensity, and sometimes the best defence is to subject your organization to a simulated attack. 

This insight is driving the recruitment and development of ethical hackers, sometimes referred to as ‘white hat hackers’. Ethical hacking is an effective method for testing a business' ability to prevent and detect attempted attacks. In order to create the greatest value for the business, such tests should be carried out as realistically as possible. This will give companies the opportunity to prioritize measures based on realistic threat scenarios, and thus reduce risk. DNV strives to replicate attack techniques used by real threat actors. In addition to testing technical defense mechanisms, we also consider human and organizational factors. The purpose is to give our customers a comprehensive assessment of the security situation in a realistic way. 

DNV’s ethical hackers use a  three-step process starting with passive and active reconnaissance of the cyber security of, say, a ship, an oil platform, or a utility’s remote-metering infrastructure. Then we scan for potential vulnerabilities and, if we find any, try to gain access through penetration testing.

An unethical hacker would then try to secure access to the system for the future and cover up their tracks by altering files and logs. We do the opposite: we reveal vulnerabilities to help customers fix them. 


Why us? 

It is extremely important who handles the digitalization technology in critical infrastructure since the attacker has almost limitless resources. When assessing your cyber-security expertise, a company system or organization is often divided into two domains: office IT and industrial control systems.

While there is a broad array of services related to Office IT today, DNV’s strength is mainly related to Industrial control systems. These systems require very industry-dependent knowledge and that is where DNV has its extensive expertise. DNV has specialized in cyber-security expertise relating to the control systems in the maritime sector and in the power and oil & gas industries. We combine this with IT-security expertise 'under the same roof' in order to provide the all-round handling of cyber security that is needed  to resist nationally driven attacks.

Read these interesting articles regarding DNV and our work

The text is available in both English and Norwegian.