Energy industry at risk of cyberattack, survey says
Critical infrastructure insiders from Europe and North America say energy industry is the worst prepared for cyberattacks while financial services industry is best prepared.
Asked which industry is the biggest target for cyberattack, critical infrastructure insiders in the U.S., Canada, and Europe point to the energy sector.
The energy industry also is the most vulnerable to cyberattacks and would have the most detrimental breach, while the financial sector is the best prepared in the case of a cyberattack, according to the survey sponsored by security firm Secure Computing. All other industries were deemed to be "not prepared" by greater than 50 percent of the respondents.
Survey participants from the U.S. and Canada were also asked how soon major exploits of critical infrastructure were likely to occur and more than half said they had already begun. Another 14 percent predicted that a major exploit was likely in the next 12 months. Only 2 percent said there would never be a severe exploit, according to the research released Monday.
Concerns about cyberattacks on the energy sector spurred U.S. lawmakers to consider legislation to broaden federal authority over electric companies in September.
Contributing to the increased vulnerability in the energy industry are: an increase in the number of access points through the use of sensors, smart meters, and third-party contractors with remote access capability; use of more IP-based networks; integration between corporate and operational networks; reliance on standard or commodity IT platforms such as Microsoft Windows; and lack of attention to security by network automation and control system vendors, according to a white paper on the research written by Energy Insights.
The biggest bottleneck to improving the security of critical infrastructure is cost, followed by apathy. Government bureaucracy and internal issues were tied for third place.
Nearly 200 industry leaders from the critical infrastructure industries completed the survey at industry events in August and September.
Security experts have discussed how easy it would be to break into a power plant. Cybersecurity worries prompted U.S. lawmakers in September to consider legislation to broaden federal authority over electric companies.
