Security Experts:

Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey

Representatives of the utilities industry believe the risk of cyberattacks on the sector has increased and many expect an attack on critical infrastructure in the next year, according to a study conducted by Siemens and the Ponemon Institute.

The study is based on a survey of over 1,700 individuals working in the utilities sector in North America, Latin America, Europe, the Middle East, and the Asia-Pacific region. The respondents included technicians, managers, directors, supervisors and senior executives.

A majority of respondents believe that cyber threats pose a greater risk to their operational technology (OT) systems than to information technology (IT) systems. Nearly two-thirds view sophisticated cyberattacks as a top challenge and 56% have reported being hit by at least one attack involving loss of private information or an outage in their OT environment in the past year. Four percent of respondents said they had experienced 10 or more such incidents.

Over half of respondents expect a cyberattack on critical infrastructure in the next year, but those who took part in the study believe that 30% of attacks on OT systems are not detected.

The utilities industry is mainly concerned that a cyberattack could result in a significant environmental incident, that it can result in the theft of confidential information, and that equipment can be damaged.

However, insiders account for a majority of attacks on OT systems, the report shows.

Learn More About the Threats Faced by the Utilities Sector at SecurityWeek’s 2019 ICS Cyber Security Conference

In terms of readiness, 42% of respondents have rated their cyber readiness as high, but smaller organizations are more concerned about their ability to detect and contain threats.

On average, it took organizations 72 days to respond to a malware attack — 88 days in the case of smaller entities and 62 days in the case of larger ones.

The main challenges in terms of managing OT security are the rise in sophisticated attacks (61% of respondents), lack of skilled workers (56%), isolated and fragmented systems (55%), rapid detection of breaches and exploits (52%), and no clear ownership (42%).

Big data or AI monitoring is used in the organizations of 18% of respondents, most commonly in the United States.

“Increasing electrification across a range of sectors is a crucial piece in the decarbonization puzzle, but, as the Siemens and Ponemon Institute report documents, an increase in grid-connected infrastructure creates additional vulnerabilities to cyber attacks,” said Randy Bell, director of the Atlantic Council Global Energy Center.

He added, “A devastating attack would not only harm the economy, but it could also slow down the rate of electrification. This report provides recommendations to help utilities better address these risks. Getting this right is not only important for the security of our electricity system, but also for achieving our climate goals.”

Related: Utilities Fear Cyberattacks Could Cause Electric Grid Disruptions

Related: Additional U.S. Utilities Targeted With LookBack Malware

Related: Cyberattack Disrupted Firewalls at U.S. Power Utility

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.