Critical Read

Critical infrastructure under attack -- and unprepared

Electrical infrastructure

What: "Critical Infrastructure: Security Preparedness and Maturity," a report from the Ponemon Institute and Unisys, based on a survey of 599 security executives at utility, oil and gas, energy and manufacturing companies in 13 countries; conducted in April and May.

Why: Critical infrastructure providers are a prime target of cyberattackers across the globe. In the U.S., critical infrastructure providers are working with federal authorities to strengthen their defenses. The threat against the supervisory control and data acquisition (SCADA) systems that run electric, water, gas and other systems are under almost constant electronic assault from outsiders. For instance, in late June, the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team posted warnings about a targeted ICS-focused malware campaign wielding a multipronged assault on critical infrastructure providers.

Only 17 percent of the companies surveyed said most of their IT security program activities had been deployed. Forty-three percent said they have defined activities that were only partially deployed, while 7 percent said their IT security activities have not been defined or deployed. That gap could be attributed to the fact that only 28 percent of respondents said security was among the top five strategic priorities at their companies.

Verbatim: "The risk to industrial control systems and SCADA is believed to have substantially increased. Fifty- seven percent of respondents agree that cyber threats are putting industrial control systems and SCADA at greater risk. Only 11 percent say the risk has decreased due to heightened regulations and industry-based security standards."

Full report: Click here.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Mon, Oct 6, 2014

"You can’t take it away." -- Sure you can. The electrical grid was interconnected before the internet - see: Leased Lines. Neither government agencies, private industry or confederations such as the open source movement (heartbleed or the even larger shellshock) have shown they know how to successfully secure systems connected to the Internet from attack. Given that for the vast majority of systems, especially SCADA systems where I have heard from years the same old and tired "security by obscurity" tropes the first action that needs to be taken is moving these supervisory and control networks back to private space. Once they are architected to be secure, THEN you can see about saving costs to move the transport layer back to the Internet. Yes, it *can* be safe, but it's NOT safe now - so it shouldn't be hooked to the internet NOW. Hooking to the Internet should be earned, not assumed. While your psyched at the "ooh shiny/think of the possibilities" I'm thinking about how much fun it will be sitting in the dark for a few weeks while everyone who was enamored with what we could do instead of what we reasonably should have done is scrambling to clean up the mess caused by their hubris and lack of proper risk management.

Wed, Jul 16, 2014 Aron Semle Portland, Maine

"Why are industrial control/SCADA networks even connected to the Internet?" is a really great question. It's largely driven by efficiency and cost. You could argue this is cheap, and it is. In reality the IoT revolution, which is promising huge gains in efficiency, is here because hardware and connectivity (i.e. the internet) are cheap enough to make it possible. It doesn’t exist without leveraging the Internet. You can’t take it away. SCADA can use the Internet, embrace IoT, and be safe. It’s just a new concept that requires a new way of thinking. Our industry tends to move slowly, and this IoT revolution is challenging that. Stepping back it’s all really quite amazing, and I’m psyched to be part of it.

Wed, Jul 16, 2014

Why are industrial control/SCADA networks even connected to the Internet? Before the Internet, they were interconnected with private leased lines - are we really so cheap as to jeopardize our critical infrasture by piggy backing it on the open Internet?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group