Critical Read

Critical infrastructure under attack -- and unprepared


What: "Critical Infrastructure: Security Preparedness and Maturity," a report from the Ponemon Institute and Unisys, based on a survey of 599 security executives at utility, oil and gas, energy and manufacturing companies in 13 countries; conducted in April and May.

Why: Critical infrastructure providers are a prime target of cyberattackers across the globe. In the U.S., critical infrastructure providers are working with federal authorities to strengthen their defenses. The supervisory control and data acquisition (SCADA) systems that run electric, water, gas and other systems are under almost constant electronic assault from outsiders. For instance, in late June, the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team posted warnings about a targeted ICS-focused malware campaign wielding a multipronged assault on critical infrastructure providers.

Only 17 percent of the companies surveyed said most of their IT security program activities had been deployed. Forty-three percent said they have defined activities that were only partially deployed, while 7 percent said their IT security activities have not been defined or deployed. That gap could be attributed to the fact that only 28 percent of respondents said security was among the top five strategic priorities at their companies.

Verbatim: "The risk to industrial control systems and SCADA is believed to have substantially increased. Fifty-seven percent of respondents agree that cyber threats are putting industrial control systems and SCADA at greater risk. Only 11 percent say the risk has decreased due to heightened regulations and industry-based security standards."


About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.



Reader comments

Mon, Oct 6, 2014

"You can’t take it away." -- Sure you can. The electrical grid was interconnected before the internet - see: Leased Lines. Neither government agencies, private industry nor confederations such as the open source movement (heartbleed or the even larger shellshock) have shown they know how to successfully secure systems connected to the Internet from attack. Given that for the vast majority of systems, especially SCADA systems where I have heard for years the same old and tired "security by obscurity" tropes, the first action that needs to be taken is moving these supervisory and control networks back to private space. Once they are architected to be secure, THEN you can see about saving costs to move the transport layer back to the Internet. Yes, it *can* be safe, but it's NOT safe now - so it shouldn't be hooked to the internet NOW. Hooking to the Internet should be earned, not assumed. While you're psyched at the "ooh shiny/think of the possibilities" I'm thinking about how much fun it will be sitting in the dark for a few weeks while everyone who was enamored with what we could do instead of what we reasonably should have done is scrambling to clean up the mess caused by their hubris and lack of proper risk management.

Wed, Jul 16, 2014 Aron Semle Portland, Maine

"Why are industrial control/SCADA networks even connected to the Internet?" is a really great question. It's largely driven by efficiency and cost. You could argue this is cheap, and it is. In reality the IoT revolution, which is promising huge gains in efficiency, is here because hardware and connectivity (i.e. the internet) are cheap enough to make it possible. It doesn’t exist without leveraging the Internet. You can’t take it away. SCADA can use the Internet, embrace IoT, and be safe. It’s just a new concept that requires a new way of thinking. Our industry tends to move slowly, and this IoT revolution is challenging that. Stepping back it’s all really quite amazing, and I’m psyched to be part of it.

Wed, Jul 16, 2014

Why are industrial control/SCADA networks even connected to the Internet? Before the Internet, they were interconnected with private leased lines - are we really so cheap as to jeopardize our critical infrastructure by piggybacking it on the open Internet?
