IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Energy firms unprepared for cyber attacks

Energy providers recognise the threats they face, but some are not responding with the tech to protect themselves, data shows.

Energy

Energy firms are expecting to be hit by cyber attacks in the not too distant future but are not prepared to deal with them.

So claims security specialist McAfee, who believes smart grids could be a real soft spot for energy companies in the coming years.

With more than half (56 per cent) of executives planning on connecting consumers to these grids via the internet, there could be trouble ahead, according to McAfee.

Although the majority admitted security vulnerabilities would arise from introducing these new systems, a third of global executives surveyed said they had not introduced special security measures to deal with the threats.

Jim Woolsey, former US director of central intelligence, is quoted in the report as saying 90 to 95 per cent of people working on the smart grid are not concerned about security.

They "only see it as a last box they have to check," Woolsey said.

It appears most critical infrastructure providers (CIPs) have had to deal with strong attacks in the recent past.

Eight out of 10 respondents said they had faced a large scale denial of service attack in 2010, with 85 per cent admitting to having experienced a network infiltration.

Furthermore, 40 per cent of CIP executives discovered Stuxnet in their environments, yet only 57 per cent of these launched special security audits or other measures in response.

The report, the preview version of which IT PRO managed to get its hands on, was carried out with the support of Centre for Strategic and International Studies a well-respected think tank from Washington DC.

The full report will be issued later in 2011.

It will come hot on the heels of a McAfee investigation into what it called the Night Dragon operation.

An unnamed selection of oil, energy and petrochemical firms were targeted by cyber criminals, in attacks that may have started as long ago as 2007.

The attacks, which used a range of techniques, appeared to have been coordinated from a central point, indicating the Night Dragon hackers were part of one global.

Symantec research from last year showed more than half of critical infrastructure providers believed their networks had been targeted by politically motivated cyber attacks.

Meanwhile, Stuxnet has continued to make headlines. A member of Anonymous recently claimed to be in control of the now infamous malware.

However, Snorre Fagerland, a senior threat researcher at Norman IT Security, claimed in a tweet that Anonymous only had Stuxnet binaries and disassembly, not the original source.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

McAfee Total Protection review: Expensive at full price
antivirus

McAfee Total Protection review: Expensive at full price

2 Nov 2021
McAfee’s zero trust solution strengthens private applications’ security
cyber security

McAfee’s zero trust solution strengthens private applications’ security

3 Aug 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022