Security lags cyberattack threats in critical industries, report finds
The world's water treatment plants, power grids, and other vital industries are seeing escalating cyberattacks, but are not ramping up security fast enough, says a new global report.
Industries crucial to the functioning of society – such as water treatment systems, power plants, and oil and gas facilities – use computer-controlled systems that are under fast-growing cyberattack by hackers, often affiliated with government and organized crime groups, says a new report. These key industries, it adds, often are not boosting security to deal with the threat.
For decades, industrial control systems that operate the power grid and other vital infrastructure enjoyed "security by obscurity." Cybercriminal gangs saw better places to make money. That's changed in a flash.
A drumbeat of reports in recent years has warned of the corporate trend to connect previously isolated vital systems to the Internet, making them more vulnerable to criminal and government hackers seeking to infiltrate infrastructure networks.
Against this backdrop, “In the Dark: Crucial Industries Confront Cyberattacks,” a global survey of 200 computer security professionals working in critical infrastructure industries, sends up another warning flare.
Cyberexploits and cyberattacks on vital infrastructure are now widespread, and perpetrators range from cybercriminals engaged in theft or extortion to foreign governments preparing sophisticated attacks, the report says. The Stuxnet worm was last year's key example – a cyberweapon that targeted Iran's nuclear program and damaged it, and that experts say could be modified to damage other systems.
According to the global survey, Stuxnet wormed its way into computer networks at companies of about 40 percent of respondents. Within the electric utility industry, the penetration was higher: Nearly half of the professionals surveyed said they had found Stuxnet on their systems.
Despite such evidence that cyberattackers are targeting critical infrastructure providers, many operators are not ramping up security and others are moving too slowly, the report says.
"What we found is that they are not ready," says the report commissioned by McAfee, the cybersecurity company, and conducted by the Center for Strategic and International Studies (CSIS), a Washington think tank. "The professionals charged with protecting these systems report that the threat has accelerated – but the response has not."
The report says 40 percent of cybersecurity professionals surveyed believe their industry has become more vulnerable in the past year. Some 30 percent say their company is not prepared for a cyberattack, and more than 40 percent expect a major cyberattack within the next year.
“We found that the adoption of security measures in important civilian industries badly trailed the increase in threats over the last year,” said Stewart Baker, who led the study for CSIS, in a statement.
Limited progress has been made securing vital networks. Fifty-one percent of respondents at utilities say deployment of security technologies increased (compared with 50 percent the year before). Within the oil and gas industries, 48 percent boosted security technology in the past year, up from 45 percent a year earlier, the report said. Among the other findings: