Critical Read

Critical infrastructure under attack -- and unprepared

Electrical infrastructure

What: "Critical Infrastructure: Security Preparedness and Maturity," a report from the Ponemon Institute and Unisys, based on a survey of 599 security executives at utility, oil and gas, energy and manufacturing companies in 13 countries; conducted in April and May.

Why: Critical infrastructure providers are a prime target of cyberattackers across the globe. In the U.S., critical infrastructure providers are working with federal authorities to strengthen their defenses. The threat against the supervisory control and data acquisition (SCADA) systems that run electric, water, gas and other systems are under almost constant electronic assault from outsiders. For instance, in late June, the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team posted warnings about a targeted ICS-focused malware campaign wielding a multipronged assault on critical infrastructure providers.

Only 17 percent of the companies surveyed said most of their IT security program activities had been deployed. Forty-three percent said they have defined activities that were only partially deployed, while 7 percent said their IT security activities have not been defined or deployed. That gap could be attributed to the fact that only 28 percent of respondents said security was among the top five strategic priorities at their companies.

Verbatim: "The risk to industrial control systems and SCADA is believed to have substantially increased. Fifty- seven percent of respondents agree that cyber threats are putting industrial control systems and SCADA at greater risk. Only 11 percent say the risk has decreased due to heightened regulations and industry-based security standards."

Full report: Click here.

About the Author

Mark Rockwell is a staff writer covering acquisition, procurement and homeland security. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

Who's Fed 100-worthy?

Nominations are now open for the 2015 Federal 100 awards. Get the details and submit your picks!

Featured

Reader comments

Mon, Oct 6, 2014

"You can’t take it away." -- Sure you can. The electrical grid was interconnected before the internet - see: Leased Lines. Neither government agencies, private industry or confederations such as the open source movement (heartbleed or the even larger shellshock) have shown they know how to successfully secure systems connected to the Internet from attack. Given that for the vast majority of systems, especially SCADA systems where I have heard from years the same old and tired "security by obscurity" tropes the first action that needs to be taken is moving these supervisory and control networks back to private space. Once they are architected to be secure, THEN you can see about saving costs to move the transport layer back to the Internet. Yes, it *can* be safe, but it's NOT safe now - so it shouldn't be hooked to the internet NOW. Hooking to the Internet should be earned, not assumed. While your psyched at the "ooh shiny/think of the possibilities" I'm thinking about how much fun it will be sitting in the dark for a few weeks while everyone who was enamored with what we could do instead of what we reasonably should have done is scrambling to clean up the mess caused by their hubris and lack of proper risk management.

Wed, Jul 16, 2014 Aron Semle Portland, Maine

"Why are industrial control/SCADA networks even connected to the Internet?" is a really great question. It's largely driven by efficiency and cost. You could argue this is cheap, and it is. In reality the IoT revolution, which is promising huge gains in efficiency, is here because hardware and connectivity (i.e. the internet) are cheap enough to make it possible. It doesn’t exist without leveraging the Internet. You can’t take it away. SCADA can use the Internet, embrace IoT, and be safe. It’s just a new concept that requires a new way of thinking. Our industry tends to move slowly, and this IoT revolution is challenging that. Stepping back it’s all really quite amazing, and I’m psyched to be part of it.

Wed, Jul 16, 2014

Why are industrial control/SCADA networks even connected to the Internet? Before the Internet, they were interconnected with private leased lines - are we really so cheap as to jeopardize our critical infrasture by piggy backing it on the open Internet?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above