Energy giant confirms breach of customer project files

Telvent's systems are used to control pipelines in North America and Latin America

Telvent, a Canadian energy firm whose systems are used to control more than half of all oil and gas pipelines in North America and Latin America, today confirmed a security breach involving the project files of some of its customers.

In a statement, a spokesman from Schneider Electric -- the French energy giant that owns Telvent -- said that the company has informed all affected customers of the breach. Those customers are taking all recommended actions with support from Telvent teams, the company said.

"Telvent is actively working with law enforcement, security specialists and its affected customers to ensure the breach has been contained," Schneider Electric said.

Schneider Electric's confirmation came after security blogger Brian Krebs disclosed how hackers believed to be from China had breached Telvent.

The intruders broke through the company's firewall earlier this month, infiltrated portions of its network, installed malicious software and stole data on customer projects involving a Telvent product called OASyS SCADA, Krebs reported today.

Telvent has disabled all data links between customers and affected portions of its networks as a precautionary move, Krebs noted, quoting from a Telvent customer advisory.

The company has implemented new procedures for providing remote support to clients while it works on ridding its networks and systems of all malware.

"In a series of written communications to clients, the company detailed ongoing efforts to ascertain the scope and duration of the breach," Krebs wrote. "In those communications, Telvent said it was working with law enforcement and a task force of representatives from its parent firm, Schneider Electric."

From Telvent's description of the malware in its alert, the company appears to have been attacked by a notorious Chinese hacking group called the Common Group, Krebs said. The group has been associated with cyber espionage activities against large energy companies and Fortune 500 firms for the past several years, the blogger said.

News of the Telvent breach comes just days after Dell's SecureWorks Counter Threat Unit issued an alert warning about a sustained cyber espionage campaign directed at companies in the energy sector. The alert referred to an attack against Canadian energy companies as well as attacks against an oil company in the Philippines, a military organization in Taiwan and several unidentified entities in Nigeria, Egypt, Brazil and Israel.

A spokeswoman from SecureWorks said today that the Canadian energy company referenced in that alert is not Telvent.

The Telvent attack is worrisome, given the enormous presence the company has within energy companies in North America, said Dale Peterson, CEO of Digital Bond, a consulting company that specializes in control system security.

The OASyS project files pertained to a product used to integrate an energy company's backend networks with new smart-grid technology. But if hackers got access to those files, they likely gained access to project files involving other Telvent products used to manage oil and natural gas pipelines, Peterson said.

Telvent's Supervisory Control and Data Acquisition (SCADA) systems help energy companies do things like opening and closing valves in pipelines and monitoring pipeline pressure and temperature, he said.

Telvent's SCADA systems are typically customized for each customer's requirements. An attacker with access to information on a particular customer's implementation would be able to identify potential soft spots and attack them, Peterson said.

"It would allow them to understand the best way to modify the system to attack one of these installations," he said. Peterson pointed to the Stuxnet attacks on Iran's nuclear facilities at Natanz as a classic example of how hackers can use information on a SCADA installation to sabotage it.

In the Natanz incident, cyber attackers destroyed about one-fifth of the 5,000 centrifuges at the facility by tricking the SCADA systems into making them spin faster.

Crafting such attacks would require considerable domain expertise, even with all the project information on hand, Peterson said. With Stuxnet, nuclear engineers who knew precisely what to do to sabotage the system were likely involved, Peterson said. The attackers at Telvent would need the same level of skills to take advantage of stolen project files, he said.

The more immediate concern is whether hackers could infiltrate Telvent's customer networks by taking advantage of the remote connectivity such companies typically maintain with their clients, Peterson said.

In that context, Telvent's move to temporarily disable its direct data links with customers is smart, he added. Telvent is doing the right things in notifying customers of the breach and keeping them abreast of the details, he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.
