A new report says the industries in gravest danger from the increasing number of cyber threats is critical infrastructure industries such as power grids, oil, gas and water.
The report, titled In The Dark: Crucial Industries Confront Cyber Attacks, was jointly produced by McAfee and the Center for Strategic and International Studies (CSIS). Forty percent of information technology executives at critical infrastructure companies surveyed for the report said their industry's vulnerability had increased. Thirty percent said their company was not prepared for a cyberattack and 40 percent expected one.
The report is a follow-up to another report done by McAfee and CSIS, In the Crossfire: Critical Infrastructure in the Age of Cyberwar, from 2010. That report had said the critical infrastructure industries lacked protection against cyber attacks, which can come at a high cost. Since that report, the threat of cyber attacks has only gotten worse while the response has not kept up, according to McAfee and CSIS.
What we are learning is the smart grid is not so smart, said Dr. Phyllis Schneck, vice president and chief technology officer for public sector at McAfee. The report points to Stuxnet, a sophisticated piece of malware designed to sabotage critical IT infrastructure, having been found on half of the electronic industry respondents as an example of the lack of response.
The fact is that most critical infrastructure systems are not designed with cyber security in mind, and organizations need to implement stronger network controls, to avoid being vulnerable to cyber attacks, Schneck said.
Eighty percent of respondents have faced a large-scale denial of service attack (DDoS) according to the report. Even worse, 25 percent have been victims of extortion through actual or threatened cyber attacks. Attacks on the government have also been prevalent. More than half said they have suffered because of attacks on government IT infrastructure. All told, it doesn't paint a pretty picture.
Ninety to 95 percent of the people working on the smart grid are not concerned about security and only see it as a last box they have to check, Jim Woolsey, former United States Director of Central Intelligence, said in a statement.
The survey was commissioned to research firm Vanson Bourne, which talked to 200 IT executives across the energy, oil/gas and water sectors around the world.