"One of the more startling results of our research is the discovery of the constant probing and assault faced by these crucial utility networks. Some electric companies report thousands of probes every month. "
As do all internet facing computers.
"Our survey data lend support to anecdotal reporting that militaries in several countries have done reconnaissance and planning for cyberattacks on other nations power grids"
McAfee repeating the same all lie over and over again.
Once more, NEVER CONNECT critical control infrastructure to public networks. Not even though a McAfee firewall.
Do not even plug them into the same network the PHB surfs 4 chan on even.
Do not confuse the spammers probing your companies email server with a cyber war on your control systems (which should not even be connected to China, let alone probe-able).
Stuxnet was planted by Russian contractors, and a more effective attack would have been if they'd hit the Siemens control boards with a spanner. So be careful who you hire for security jobs.
Forty percent of executives responsible for securing critical infrastructure such as power grids and oil, gas and water lines say that their vulnerability to attacks has increased. And 30 percent of those executives say that their companies aren’t ready for a cyberattack, according to a survey from McAfee and the Center for Strategic and International Studies.
The report, based on a survey of 200 IT security execs, indicates that critical infrastructure has become a bit more secure, but only by a modest amount.
In a nutshell, newfangled infrastructure such as smart grids aren’t being designed with cybersecurity features. Security is just the last box to be checked off during an implementation.
Overall, we found little good news about cybersecurity in the electric grid and other crucial services that depend on information technology and industrial control systems. Security improvements are modest and overmatched by the threat. Much as they may suffer from distributed denial of service attacks, these industries suffer even more from what might be called a “distributed denial of attack.” Very few companies are rising to the challenge posed by state-sponsored infiltration and potential attack. That is particularly true in the Western Hemisphere, India, and Europe. In East Asia, government regulators seem to be pursuing a more concerted campaign to bolster security substantially.
Among the key findings:
- China was seen as the country most likely to launch a network attack on critical infrastructure.
- 36 percent of respondents use tools to detect role anomalies.
- 80 percent of respondents have faced large scale denial of service attacks. A quarter of respondents see these attackes daily or weekly and have been extortion victims.
- India and Mexico have the high rate of cyber attack extortion attempts. Sixty to 80 percent of executives in these countries noted extortion attempts.
- Brazil, France and Mexico lag in security measures. China, Italy and Japan were most secure.
- China and Japan had frequent interactions with government security officials. Execs in the U.S., Spain and U.K. had little contact.
