In association with heise online

19 April 2011, 12:14

Insufficiently prepared infrastructure firms increasingly under attack

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A new study written jointly by McAfee and the Center for Strategic International Studies (CSIS) concludes that utility companies are increasingly under threat from targeted attacks and yet many are simply not taking the proper precautions to protect their systems. The report, to be published later today (Tuesday 19 April) and entitled "In the Dark - Crucial Industries Confront Cyberattacks", is based on a survey of 200 IT executives in 14 countries. The executives all work in companies involved with "critical infrastructure that depends most heavily on industrial control systems".

The problem of targeted attacks against infrastructure control systems was highlighted last year with the emergence of the Stuxnet worm which was targeted against specific equipment in the Iranian Natanz nuclear facility. Regardless of the origin or target, the worm demonstrated the principle of such an attack, and its code has reportedly been traded on the black market. Stuxnet is considered to have caused real damage at the Natanz facility, and the implication is that similar damage could possibly be caused to infrastructure companies such as those involved in electricity, gas, water, transport, and so forth.

Of the executives surveyed, 80 per cent reported attacks in the last year, although most of these were not of the Stuxnet kind, but rather distributed denial of service attacks (DDoS). However, 70 per cent reported as having in the same time-frame discovered on their systems malware targeted to cause damage. 25 per cent reported that either actual attacks or threats of attack had been used in attempts to extort payment, most notably in Mexico and India.

A CSIS spokesman was quoted as saying that "The message is that our industrial control systems are very, very vulnerable to attack and the security we have installed today is insufficient to protect us ... I'm concerned that (the industry) is not getting that message, despite having the evidence in front of us."

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit