Energy firms unprepared for cyber attacks

gallery

Energy firms are expecting to be hit by cyber attacks in the not too distant future but are not prepared to deal with them.

So claims security specialist McAfee, who believes smart grids could be a real soft spot for energy companies in the coming years.

With more than half (56 per cent) of executives planning on connecting consumers to these grids via the internet, there could be trouble ahead, according to McAfee.

Although the majority admitted security vulnerabilities would arise from introducing these new systems, a third of global executives surveyed said they had not introduced special security measures to deal with the threats.

Jim Woolsey, former US director of central intelligence, is quoted in the report as saying 90 to 95 per cent of people working on the smart grid are not concerned about security.

They “only see it as a last box they have to check,” Woolsey said.

It appears most critical infrastructure providers (CIPs) have had to deal with strong attacks in the recent past.

Eight out of 10 respondents said they had faced a large scale denial of service attack in 2010, with 85 per cent admitting to having experienced a network infiltration.

Furthermore, 40 per cent of CIP executives discovered Stuxnet in their environments, yet only 57 per cent of these launched special security audits or other measures in response.

The report, the preview version of which IT PRO managed to get its hands on, was carried out with the support of Centre for Strategic and International Studies – a well-respected think tank from Washington DC.

The full report will be issued later in 2011.

It will come hot on the heels of a McAfee investigation into what it called the Night Dragon operation.

An unnamed selection of oil, energy and petrochemical firms were targeted by cyber criminals, in attacks that may have started as long ago as 2007.

The attacks, which used a range of techniques, appeared to have been coordinated from a central point, indicating the Night Dragon hackers were part of one global.

Symantec research from last year showed more than half of critical infrastructure providers believed their networks had been targeted by politically motivated cyber attacks.

Meanwhile, Stuxnet has continued to make headlines. A member of Anonymous recently claimed to be in control of the now infamous malware.

However, Snorre Fagerland, a senior threat researcher at Norman IT Security, claimed in a tweet that Anonymous only had Stuxnet binaries and disassembly, not the original source.

Email to a friend

Print this page