Forty percent of executives responsible for securing critical infrastructure such as power grids and oil, gas and water lines say that their vulnerability to attacks has increased. And 30 percent of those executives say that their companies aren't ready for a cyberattack, according to a survey from McAfee and the Center for Strategic and International Studies.
The report, based on a survey of 200 IT security execs, indicates that critical infrastructure has become a bit more secure, but only by a modest amount.
In a nutshell, newfangled infrastructure such as smart grids aren't being designed with cybersecurity features. Security is just the last box to be checked off during an implementation.
Overall, we found little good news about cybersecurity in the electric grid and other crucial services that depend on information technology and industrial control systems. Security improvements are modest and overmatched by the threat. Much as they may suffer from distributed denial of service attacks, these industries suffer even more from what might be called a “distributed denial of attack.” Very few companies are rising to the challenge posed by state-sponsored infiltration and potential attack. That is particularly true in the Western Hemisphere, India, and Europe. In East Asia, government regulators seem to be pursuing a more concerted campaign to bolster security substantially.
Among the key findings:
- China was seen as the country most likely to launch a network attack on critical infrastructure.
- 36 percent of respondents use tools to detect role anomalies.
- 80 percent of respondents have faced large scale denial of service attacks. A quarter of respondents see these attackes daily or weekly and have been extortion victims.
- India and Mexico have the high rate of cyber attack extortion attempts. Sixty to 80 percent of executives in these countries noted extortion attempts.
- Brazil, France and Mexico lag in security measures. China, Italy and Japan were most secure.
- China and Japan had frequent interactions with government security officials. Execs in the U.S., Spain and U.K. had little contact.