Forty per cent of the critical infrastructure executives surveyed said they believed that their company was not prepared for a cyberattack. Even government and military infrastructures can be vulnerable. – Reuters File Photo
“We found that the adoption of security measures in important civilian industries badly trailed the increase in threats over the last year,” said Stewart Baker of the Center for Strategic and International Studies (CSIS), releasing a report conducted with computer security firm McAfee.
For the report, “In the Dark: Crucial Industries Confront Cyberattacks,” McAfee surveyed 200 information technology executives charged with security at power, oil, gas and water facilities in 14 countries.
“What we found is that they are not ready,” the McAfee-CSIS report said.
“The professionals charged with protecting these systems report that the threat has accelerated – but the response has not.”
Forty per cent of the critical infrastructure executives surveyed said they believed that their industry’s vulnerability had increased and 30 percent said their company was not prepared for a cyberattack.
Forty per cent said they expect a major cyberattack within the next year.
“Ninety to 95 per cent of the people working on the smart grid are not concerned about security and only see it as a last box they have to check,” said Jim Woolsey, a former director of the US Central Intelligence Agency.
Nearly 70 per cent of those surveyed said they frequently found malware designed to sabotage their systems and nearly half of the respondents in the electricity industry sector said they found Stuxnet on their systems.
A top Iranian military officer last week accused the United States and Israel of being behind the computer worm designed to sabotage Iran’s nuclear program.
Stuxnet reportedly targeted the Bushehr nuclear power plant, where several technical problems have been blamed for delays in getting the facility fully operational.
Stuxnet targets computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.
“In the past year, we’ve seen arguably one of the most sophisticated forms of malware in Stuxnet, which was specifically designed to sabotage IT systems of critical infrastructures,” said McAfee vice president Phyllis Schneck.
“What we are learning is the smart grid is not so smart,” Schneck said.
“The fact is that most critical infrastructure systems are not designed with cybersecurity in mind, and organizations need to implement stronger network controls, to avoid being vulnerable to cyberattacks,” she said.
