Threats to major companies and national utilities have increased over the past year as cyber threats escalate into cyber wars.
A joint report by McAfee and the Center for Strategic and International Studies (CSIS) highlights the growing concerns in companies controlling critical national infrastructure. Following a similar report issued a year ago, the In the Dark: Critical Industries Confront Cyberattacks report shows that things are rapidly getting worse.
The survey, conducted by Vanson Bourne, covers responses from 200 IT security executives managing critical infrastructures in 14 countries, including the UK. Other major findings in the report found that 40 percent believed their vulnerability had increased and 30 percent felt that they were unprepared for a cyber-attack.
This is worrying during a time when “smart grid” infrastructures are being rolled out, especially in the light of 40 percent of the security managers saying that they expected a major attack during 2011.
Although DDoS attacks are a major fear, recent attacks have been spearheaded by socially engineered phishing exploits. By targeting minor employees within companies, the attackers are playing psychological tricks to fool them into downloading backdoors onto company systems.
These employees are more concerned about putting in their hours and keeping up with deadlines than they are about adhering to security policies. The “spear phishing” attackers single out these corporate weak links rather than casting a wider net which may attract unwanted attention.
These cyber-war incidents were spotlighted by the Stuxnet attack on Iran’s nuclear industry but there have been numerous reports over the last nine years of Chinese attempts to infiltrate or destabilise western government and business systems.
Almost 70 percent of the companies surveyed by Vanson Bourne claimed that they frequently found malware designed to sabotage their systems. and 46 percent of the electricity supply companies reported finding Stuxnet on their systems.
It is companies that depend heavily on industrial supervisory control and data acquisition (SCADA) systems that feel most threatened because these attacks can bring national infrastructures to a halt.
There was a massive power outage in New York State, Ohio and Western Canada in 2003 which was basically caused by a software bug. Similarly in 2006, a large area of Europe, from Germany down to Croatia and as far west as Spain, was blacked out when a line across a river was switched off to allow a ship to pass safely. These were not cyber-terrorist attacks but demonstrate the scale of disaster that could be triggered.
“In the past year, we’ve seen arguably one of the most sophisticated forms of malware in Stuxnet, which was specifically designed to sabotage IT systems of critical infrastructures,” commented Dr Phyllis Schneck, vice president and chief technology officer for the public sector at McAfee. “The fact is that most critical infrastructure systems are not designed with cyber-security in mind and organisations need to implement stronger network controls to avoid being vulnerable to cyber-attacks.”
The study should be recommended reading for the government’s IT mandarins and advisors. The threats are becoming more frequent and their means more subtle. Rather than white papers, parliamentary bills and promises, rapid action would be a better course of action to avoid seeing severely compromised systems or, at worst, national disasters.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…