Board members ignorant, wilfully stupid? IT security blindspot risks critical infrastructure

Published on the 31/07/2014 | Written by Newsdesk


An IT security blindspot has left the world’s critical infrastructure at risk from targeted attacks by nation-states and criminal organisations, and rendered other industry sectors vulnerable as a result…

A global survey has identified a major security blindspot, with only 17 percent of utilities and large manufacturers having fully deployed security systems capable of protecting their industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. A failure in these networks can bring a power plant or water utility to its knees, leaving downstream customers without essential services and forcing a potentially catastrophic shutdown across multiple sectors of the economy.

A survey of 599 IT and security professionals in utilities, gas, oil, energy and manufacturers – including 49 respondents based in Australia and New Zealand – has revealed that 67 percent had experienced a disruption or loss of confidential information over the last 12 months. Almost four out of five expect to experience something similar in the coming two years.

Almost half (48 percent) of A/NZ critical infrastructure providers surveyed said they had suffered security incidents due to insecure networks. A third were caused by unmanaged mobile devices and employee use of social networks.

A/NZ respondents cited negligent insiders (47 percent), denial of service attacks (41 percent) and system glitches (39 percent) as their top security threats.

The consequences of a security breach can be severe. The report cites one gas company that ran a test to check the security of its SCADA systems; when that test accidentally compromised the SCADA network, it crippled the operation and for four hours it could not transmit gas across its network, having downstream implications for customers.

The survey, conducted by the Ponemon Institute on behalf of Unisys, found that despite the high risk, security of ICS and SCADA systems was a top five priority for just 28 percent of businesses, suggesting boards are either ignorant of the issue, or wilfully stupid. The former may be the case – though still inexcusable – as 52 percent of respondents said that they were unaware or unsure of the potential vulnerabilities to ICS and SCADA networks.

Even more startling given the role of these businesses within developed economies, only 43 percent of respondents agreed with the statement that they were “committed to protecting the nation’s critical infrastructure”.

Global respondents said that to date 47 percent of system breaches were accidental – which probably explains why identity and access control was seen as the most important initial solution to the problem, even though only six percent of organisations as yet provide security training to staff.

However, besides these accidental breaches, survey participants said 28 percent of breaches were the result of external attacks and 24 percent arose out of deliberate internal attacks. The report noted critical infrastructure providers were vulnerable to attacks “financed by unfriendly nation-states or criminal organisations”.
