Critical Read

Critical infrastructure under attack -- and unprepared


What: "Critical Infrastructure: Security Preparedness and Maturity," a report from the Ponemon Institute and Unisys, based on a survey of 599 security executives at utility, oil and gas, energy and manufacturing companies in 13 countries; conducted in April and May.

Why: Critical infrastructure providers are a prime target of cyberattackers across the globe. In the U.S., critical infrastructure providers are working with federal authorities to strengthen their defenses. The supervisory control and data acquisition (SCADA) systems that run electric, water, gas and other systems are under almost constant electronic assault from outsiders. For instance, in late June, the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team posted warnings about a targeted ICS-focused malware campaign wielding a multipronged assault on critical infrastructure providers.

Only 17 percent of the companies surveyed said most of their IT security program activities had been deployed. Forty-three percent said they have defined activities that were only partially deployed, while 7 percent said their IT security activities have not been defined or deployed. That gap could be attributed to the fact that only 28 percent of respondents said security was among the top five strategic priorities at their companies.

Verbatim: "The risk to industrial control systems and SCADA is believed to have substantially increased. Fifty-seven percent of respondents agree that cyber threats are putting industrial control systems and SCADA at greater risk. Only 11 percent say the risk has decreased due to heightened regulations and industry-based security standards."


About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.



Reader comments

Mon, Oct 6, 2014

"You can’t take it away." -- Sure you can. The electrical grid was interconnected before the internet - see: Leased Lines. Neither government agencies, private industry nor confederations such as the open source movement (Heartbleed or the even larger Shellshock) have shown they know how to successfully secure systems connected to the Internet from attack. Given that for the vast majority of systems, especially SCADA systems where I have heard for years the same old and tired "security by obscurity" tropes, the first action that needs to be taken is moving these supervisory and control networks back to private space. Once they are architected to be secure, THEN you can see about saving costs to move the transport layer back to the Internet. Yes, it *can* be safe, but it's NOT safe now - so it shouldn't be hooked to the internet NOW. Hooking to the Internet should be earned, not assumed. While you're psyched at the "ooh shiny/think of the possibilities" I'm thinking about how much fun it will be sitting in the dark for a few weeks while everyone who was enamored with what we could do instead of what we reasonably should have done is scrambling to clean up the mess caused by their hubris and lack of proper risk management.

Wed, Jul 16, 2014 Aron Semle Portland, Maine

"Why are industrial control/SCADA networks even connected to the Internet?" is a really great question. It's largely driven by efficiency and cost. You could argue this is cheap, and it is. In reality the IoT revolution, which is promising huge gains in efficiency, is here because hardware and connectivity (i.e. the internet) are cheap enough to make it possible. It doesn’t exist without leveraging the Internet. You can’t take it away. SCADA can use the Internet, embrace IoT, and be safe. It’s just a new concept that requires a new way of thinking. Our industry tends to move slowly, and this IoT revolution is challenging that. Stepping back it’s all really quite amazing, and I’m psyched to be part of it.

Wed, Jul 16, 2014

Why are industrial control/SCADA networks even connected to the Internet? Before the Internet, they were interconnected with private leased lines - are we really so cheap as to jeopardize our critical infrastructure by piggybacking it on the open Internet?
