A report released July 10 finds alarming gaps in the security of the world’s critical infrastructure.
The study—sponsored by Unisys and conducted by Michigan-based security research firm Ponemon Institute—was based on an Internet survey, conducted in April and May 2014, of 599 respondents from 13 countries in the oil and gas, utilities, alternative energy, and manufacturing industries.
Key findings from the report—titled “Critical Infrastructure: Security Preparedness and Maturity”—include:
- 67% of respondents say their companies have had at least one security compromise that led to the loss of confidential information or disruption to operations over the past 12 months.
- 57% of respondents say that cyber threats are putting industrial control systems and supervisory control and data acquisition systems at greater risk.
- 54% of respondents say upgrading legacy systems to the next improved security state may result in sacrificing mission-critical security.
- 34% of respondents say their companies do not get real-time alerts, threat analysis, and threat prioritization intelligence that can be used to stop or minimize the impact of a cyberattack.
- 83% of respondents say their companies have not fully deployed their information technology security programs.
However, even with the significant security gaps that were reported, only 28% of respondents agreed that security is one of the top five strategic priorities for their company.
The latest news seems to indicate that the threat is real. POWER recently reported that a group of Russia-based hackers has been conducting an ongoing cyber-espionage campaign against energy sector companies in the U.S. and Western Europe. Only a month earlier, the U.S. filed criminal charges against Chinese military hackers for computer hacking, economic espionage, and other offenses directed at six American targets in the U.S. nuclear power, metals, and solar products industries over the period 2006 to 2014.
“The findings of the survey are startling, given that these industries form the backbone of the global economy and cannot afford a disruption,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “While the desire for security protection is apparent among these companies, not nearly enough is actually being done to secure our critical infrastructure against attacks.”
“We hope the survey results serve as a wake-up call to critical infrastructure providers to take a much more proactive, holistic approach to securing their [information technology] systems against attacks,” said Dave Frymier, chief information security officer at Unisys.
For more on cyberattack types, see “Just Hop on the Bus, Gus: 13 Ways to Hack a Power Plant” in the June issue of POWER.
—Aaron Larson, associate editor (@AaronL_Power, @POWERmagazine)