New research from Unisys Corporation finds alarming gaps in the security of the world’s critical infrastructure. Nearly 70 per cent of companies surveyed that are responsible for the world’s power, water and other critical functions have reported at least one security breach that led to the loss of confidential information or disruption of operations in the past 12 months, according to a survey released recently in partnership with the Ponemon Institute.
In a survey of 599 security executives at utility, oil and gas, energy and manufacturing companies, 64 per cent of respondents anticipated one or more serious attacks in the coming year. Despite this risk, only 28 per cent ranked security as one of the top five strategic priorities for their organisation, while a majority named their top business priority as minimising downtime.
The survey also highlighted the concerns many of these executives feel regarding the security of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, which monitor and control the processes and operations for power generation and other critical infrastructure functions. When asked about the likelihood of an attack on their organisations’ ICS or SCADA systems, 78 per cent of the senior security officials responded that a successful attack is at least somewhat likely within the next 24 months. Just 21 per cent of respondents thought that the risk level to ICS and SCADA has substantially decreased because of regulations and industry-based security standards, which means that tighter controls and better adoption of standards are needed.
This research report comes at the same time that an international organised cybercrime network, composed mostly of Romanian citizens, was successfully taken down in Romania and France with the support of the European Cybercrime Centre (EC3) at Europol.
The cybercrime network is suspected of sophisticated electronic payment crimes including intrusions into international non-cash payment systems (through malware attacks), illegal worldwide financial transactions and money transfers, card data compromise (via skimming attacks), money laundering and drug trafficking. Members of this criminal network were using malware, a RAT (Remote Access Tool) with keylogger functionality, to take over and gain access to computers used by money transfer services all over Europe (Austria, Belgium, Germany, Norway, UK).
Critical Infrastructure Protection & Resilience Europe, incorporating Critical Information Infrastructure Protection (cybersecurity), will take place in The Hague on March 4 – 5, 2015 and will bring together leading stakeholders from industry, operators, agencies and governments to debate and collaborate on securing Europe’s critical infrastructure.
The ever-changing nature of threats, whether natural through climate change or man-made through terrorist activity, in the form of either physical or cyber attacks, means there is a need to continually review and update policies, practices and technologies to meet these growing demands.
With the increasing threat from cyber attacks on critical infrastructure, the information and data stored and used by CNI systems and operators can be more crucial than the system itself. CIIP is becoming ever more important as part of the cyber security strategy of an organisation or CNI operator.