Research conducted by Lloyd’s of London insurer Aegis London documents a shift form attacks focused on breaching sensitive data to those which target critical infrastructure, according to a new report.
The research highlighted that the technology used to control systems governing critical infrastructure is increasingly at risk of cyber attack, and that sate-sponsored attacks continue to evolve in sophistication and volume, and are a major threat to power and utility company networks.
“The US Department of Homeland Security’s Industrial Control Systems–Computer Emergency Readiness Team (US-CERT) responded to more than 200 incidents, 53% of which were in the energy and utility sector, and many of them sponsored by states such as China,” Aegis reported.
The study, which focused on power and utility companies based in the US, UK, Canada and Europe, was commissioned by AEGIS and conducted by BAE Systems Applied Intelligence (BAE).
“Cyber attacks are no longer focused solely on IT environments. Cyber terrorists have turned their attention to operational technologies and the critical infrastructure they support,” said Alan Maguire, Chairman of AEGIS London.
Key findings include:
- The overwhelming majority of respondents, as well as specialists and vendors who work with energy companies and utilities, believe it is not a matter of “if” – but “when” – there will be a cyber attack of major significance and impact on critical operational infrastructure such as the electric grid
- Power companies are better prepared to deal with cyber threats to their operational technology than many recent media reports have indicated. These organizations have a good understanding of the cyber threats they face
- The biggest challenges energy companies and utilities face are constraints outside their control such as the lack of ‘adequate and mature technology solutions’
“We believe that vulnerabilities in and threats to operational technology have the potential to lead to business interruption or significant loss of operating capability and availability,” added David Croom-Johnson, Active Underwriter at AEGIS London. “These represent some of the most acute organisational risks currently facing critical in frastructure.”
Read More Here (PDF)…