McAfee: Attacks on critical infrastructure are common

IT execs at utility and other key companies have told McAfee that their systems have come under attack and they expect attempts to increase
Written by Tom Espiner, Contributor

Cyberattacks on critical national infrastructure are common and are likely to increase, according to a report from McAfee.

In a survey commissioned by the security company, a majority of IT executives said the critical infrastructure organisations they work at had come under attack, ranging from denial-of-service to attempts at stealthy infiltration.

In addition, the survey of over 600 IT and security professionals at critical-national-infrastructure organisations worldwide found that just under two-thirds believe the vulnerability of their sector has increased over the past year.

"Critical infrastructure owners and operators report that their networks and control systems are under repeated cyberattack, often from high-level adversaries like foreign nation states," McAfee said in the report, published on Thursday. "Respondents believe the situation will get worse...in the future."

Critical national infrastructure organisations include utilities, oil companies, transport companies, communications companies and banks.

The majority of those surveyed believe their systems will be hard hit as a result, McAfee analyst Greg Day told ZDNet UK. "Within the next five years, 80 percent of respondents expected a critical level of outage over a 24-hour period," he said.

More than half said they have experienced large-scale distributed denial-of-service (DDoS) attacks similar to those on Estonia in April 2007, while a similar proportion, 54 percent, said their systems had been infiltrated 'by a high-level adversary' intent on stealing data.

Attacks are frequent and effective. For example, almost one-third said their companies suffer large-scale DDoS attempts more than once a month, with two-thirds of those attacks having an impact on operations. McAfee expects the efficacy of the attacks to increase as security budgets are pared back due to the recession.

It is very difficult to identify the agents behind such attacks, as attempts are often launched from infected computers belonging to innocent third parties and controlled by further infected computers, according to the report. This scenario includes botnets.

However, IT executives from all 14 countries surveyed suspect traditional adversaries, according to McAfee. For example, Chinese IT professionals see the greatest risk to critical infrastructure as coming from the US, with a small risk from Russia. US professionals suspect the Chinese of launching the majority of attacks, but also suspect the Russians. No US, Chinese or Russian executive said they suspected their own governments of infiltrating their systems.

The survey found no evidence that these suspicions are based on anything other than speculation.

The scale of the threats facing critical-national-infrastructure organisations has traditionally been difficult to gauge, as these organisations can be reluctant to admit to attacks, due to reputational damage and because others may try the same kind of attack. "No-one likes to air what happened to them," said Day.

The government's IT chief, John Suffolk, said the view of the UK government is that attacks on critical national infrastructure are likely to increase. "Cyber[attacks] will continue to grow as an issue," said Suffolk. "From a UK perspective, we need to make sure we are fully protected."

Suffolk said the government had recognised the need to take critical national infrastructure computer security seriously, and had responded by setting up initiatives such as the Centre for the Protection of National Infrastructure (CPNI) and the Cyber Security Operations Centre (CSOC) in Cheltenham.
