Industrial control a weak link in cybersecurity, study says

Jul 10, 2014 by Rob Lever
Wires and switches of a supercomputer are displayed on January 19, 2011 in Mountain View, California. US military officers have endorsed the principle of pre-emptive cyber-strikes if the United States ever faces an imminent and large-scale digital attack, officials said Monday.

Cybersecurity threats are rising for industrial control systems around the world, a growing target for attackers seeking to wreak havoc, a study showed Thursday.

The study by Ponemon Institute and Unisys Corp of 599 technology executives in 13 countries found that even as threats are rising, organizations are not as prepared as they should be to deal with .

The study said the risk to industrial control systems "is believed to have substantially increased," with 57 percent of the respondents citing greater threats.

"Security compromises are occurring in most companies," the report said.

"It is difficult to understand why security is not a top a priority because 67 percent of respondents say their companies have had at least one security compromise that led to the loss of confidential information or disruption to operations over the last 12 months."

About one-fourth of these breaches were due to an insider attack or inadequate internal controls, the report added.

One-third of those surveyed said their companies do not get real-time alerts, or that can be used to stop or minimize the impact of a cyber attack.

And among those who they do receive such intelligence, 22 percent of respondents say this is ineffective.

The report is the latest to suggest slow progress in improving cybersecurity for so-called critical infrastructure—which includes , utilities, oil and gas production operations and some manufacturing.

Last month, the US security firm Symantec said it identified malware targeting industrial control systems which could sabotage electric grids, power generators and pipelines.

It said the cyberattackers, probably state-sponsored, have been targeting energy operations in the United States and Europe since 2011 and were capable of causing significant damage.

According to the Ponemon-Unisys study, the majority of companies say important security countermeasures are implemented only partially or not at all.

Some said security checks fail to verify contractors, vendors and other third parties.

"People across the board recognize the problem, but as a corporate priority it is not in the top five," said Larry Ponemon, one of the authors of the study.

Unisys chief officer Dave Frymier said that for top executives to take notice there needs to be a "precipitating" event.

"Unfortunately it has to be something bad," such as a catastrophic attack, Frymier told a group of journalists.

Frymier said it is likely "that the bad guys are in all these networks" but have yet to take any action because they have not determined how to cash in or utilize their access.

The report is based on a survey of IT security professionals in the United States, Britain, Germany, Canada, Brazil, Australia, France, Mexico, Malaysia, the Netherlands, Spain, New Zealand and Colombia.

A high percentage of the security incidents—47 percent—came from a breach from actions of a "negligent employee," the study found.

While computer networks appeared to be the biggest target for attacks, 26 percent said attackers gained access through mobile devices.

"Hackers already have well-developed toolsets for intercepting and capturing data from mobile communications. These interception tools are growing in sophistication," the report said.

Explore further: Malware aims at US, Europe energy sector, researchers say

add to favorites email to friend print save as pdf

Related Stories

Recommended for you

Hackers force message on websites via US firm

1 hour ago

A U.S. firm that helps connect more than 700 companies with customers through social media says a Syrian group hacked the company's web address to upload a message to other websites.

Hacked emails slice spam fast

Nov 26, 2014

Spam spreads much faster and to more people when it is being propagated by hacked, or otherwise compromised, email accounts rather than legitimate accounts, according to research published in the International Journal of ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.