81 Percent of Energy Security Professionals at Government-Managed Organizations Concerned About ‘Catastrophic Failure’ from Likely Cyberthreats
PORTLAND, Ore. – May 11, 2018 – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of a survey examining industrial control systems (ICS) security at U.S. government managed energy and oil and gas organizations.
The survey was conducted by Dimensional Research in March, and its respondents included 151 IT and operational technology (OT) security professionals at energy and oil and gas companies – with 28 percent from organizations that are government-managed.
As announced in the initial overall findings, 70 percent of energy professionals are concerned that a successful cyberattack could cause a catastrophic failure, such as an explosion. This concern is even higher within government-managed organizations, with 81 percent of those respondents believing a cyberattack could result in a catastrophic event and 64 percent indicating that a security attack on ICS systems was likely or inevitable.
“The majority of energy professionals said they wanted more government involvement in ICS security, with only 10 percent saying there should be less,” said Tim Erlin, vice president of product management and strategy at Tripwire. “This and the overall survey findings validate the priorities outlined in the Administration’s 1st cyber executive order and should further motivate government leadership to increase its current investment in ICS security.”
Other findings include:
- When asked if government guidance had helped their ICS security practices, 94 percent of total respondents indicated that government standards and guidelines are helpful best practices and described the guidelines as “excellent” and a “good start.”
- Seventy-six percent of respondents from government-managed organizations believe their companies are investing sufficiently in ICS security, which is 15 percent higher than those at non-government managed organizations.
- Phishing attacks, lack of built-in security and unpatched systems are the top three areas that leave respondents from both government and non-government managed organizations most vulnerable.
It is widely recommended that organizations properly secure their critical infrastructure ICS with a layered approach, commonly referred to as Defense in Depth. In the survey, only 20 percent of respondents at government-managed organizations said they implement a multilayered approach to ICS security. Forty-one percent said they focus primarily on network level security, and 7 percent said ICS device security.
Erlin added: “The fact that the government is now starting to dedicate actual dollars toward modernization of federal systems that ‘build security in’ is a step in the right direction on the very long road toward protecting industrial control systems.”
Tripwire is a leading provider of integrity assurance solutions that improve security, compliance and IT operations in enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together, these solutions integrate and automate security and IT operations. Tripwire’s enterprise-class portfolio includes asset discovery, vulnerability management, log collection, file integrity monitoring, and configuration management that supports all widely used industry-standard frameworks.
For more information please visit: https://www.tripwire.com/state-of-security/ics-security/70-percent-energy-security-pros-fear-digital-attacks-produce-catastrophic-failure/