While no one is yet crying over spilled oil, it appears that once again Iran’s energy infrastructure has fallen victim to cyber security disruption.  As reported in The New York Times , it seems that fears of operational impact on Iranian oil terminals caused officials there to unplug their facilities from the internet in order to avoid damage for the “wiper” virus.  Surely this is harder than it sounds and has far reaching implications when it comes to system restoration.

We can all learn at Iran’s expense.

Stuxnet, was the first serious wake-up call that industrial control systems, like those that control nuclear and most other power generation plants, are susceptible to cyber-attack, just like the rest of the systems that control the free, and not so free, world, from critical infrastructure to your desktop computer at home. For years, industrial control systems and automation systems were considered beyond the reach of cyber criminals and nasty nation-state actors because they were not connected to the internet.  Iran has proved this assumption to be untrue.  In fact, cyber security experts for years have been warning that critical infrastructure operational technologies lack appropriate cyber defenses.

Having just spent three days in the presence of 5,000 attendees at ABB’s Automation Power World 2012, it is clear that cyber security is a concern to those that operate power and automation systems, but mostly in the context of meeting the requirements imposed by NERC CIP. “It will take a major disruptive incident to make cyber security a priority,” was a comment I heard more than once.

While no one wants to see the global oil supply adversely effected, one can hope that this second high-profile cyber security attack on Iran will serve as an important lesson to those in the West from the board room to the control room, highlighting that the time has come to establish serious cyber security programs.  The safety and reliability of our nation’s energy supply chain depends on it.  Let’s learn from Iran’s mistakes rather than waiting for the lights to flicker here.