April 20, 2011
Cyber Threats Increasing For Critical Infrastructure
A new study found that cyber threats are becoming an increasing risk to critical infrastructure around the globe, and many facilities are unprepared for them.
"We found that the adoption of security measures in important civilian industries badly trailed the increase in threats over the last year," Stewart Baker of the Center for Strategic and International Studies (CSIS) said in a statement.
The report was conducted by computer security firm McAfee. The company surveyed 200 information technology executives that were in charge of security at power, oil, gas and water facilities in 14 countries.
"What we found is that they are not ready," the McAfee-CSIS report said. "The professionals charged with protecting these systems report that the threat has accelerated -- but the response has not."
"The fact is that most critical infrastructure systems are not designed with cybersecurity in mind, and organizations need to implement stronger network controls, to avoid being vulnerable to cyberattacks," McAfee vice president Phyllis Schneck said in a statement.
Forty percent of those surveyed said they believed their industry's vulnerability had increased and 30 percent said their company was not prepared for a cyberattack.
According to the study, 40 percent of the infrastructure executives also expect a major cyberattack to take place within the next year.
About 70 percent said they frequently found malware designed to sabotage their systems and nearly half of the executives said they found Stuxnet on their systems.
Stuxnet targets computer control systems made by German industrial giant Siemens.
The malware reportedly targeted Iran's Bushehr nuclear power plant, but it also hit systems in other countries as well.
The study found that 80 percent of the executives said they faced a large-scale denial of service attack (DDoS), in which a large number of computers are commanded to simultaneously visit a website.
The report said that Brazil, France and Mexico are lagging in their security measures, adopting only half as many as countries like China, Italy and Japan.
Over half of the respondents said they believe that foreign governments have been involved in network probes against their domestic critical infrastructure.
On the Net:
- Center for Strategic and International Studies
- Report: In the Dark: Crucial Industries Confront Cyberattacks (pdf)