Tim Erlin, Director of IT Security and Risk Strategy for Tripwire says, “Industry experts have been talking about how cyber attacks could directly affect the power grid for a long time, so it shouldn’t be a surprise that it’s now actually occurred. Discussing a threat doesn’t count as mitigation. Energy companies need to invest in securing their infrastructure, from control systems to corporate IT. Investment isn’t just about buying products. It’s about people, skills and process. Purchasing the latest security device is easy compared to training security staff effectively.
"All malware, including BlackEnergy, requires an infection vector to get to its target. Attackers will almost always take the path of least resistance. Today, that means published vulnerabilities, misconfigurations and phishing scams. These are all security issues that we can address, with sufficient resources.