Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey

Representatives of the utilities industry believe the risk of cyberattacks on the sector has increased and many expect an attack on critical infrastructure in the next year, according to a study conducted by Siemens and the Ponemon Institute.

Representatives of the utilities industry believe the risk of cyberattacks on the sector has increased and many expect an attack on critical infrastructure in the next year, according to a study conducted by Siemens and the Ponemon Institute.

The study is based on a survey of over 1,700 individuals working in the utilities sector in North America, Latin America, Europe, the Middle East, and the Asia-Pacific region. The respondents included technicians, managers, directors, supervisors and senior executives.

A majority of respondents believe that cyber threats pose a greater risk to their operational technology (OT) systems than to information technology (IT) systems. Nearly two-thirds view sophisticated cyberattacks as a top challenge and 56% have reported being hit by at least one attack involving loss of private information or an outage in their OT environment in the past year. Four percent of respondents said they had experienced 10 or more such incidents.

Over half of respondents expect a cyberattack on critical infrastructure in the next year, but those who took part in the study believe that 30% of attacks on OT systems are not detected.

The utilities industry is mainly concerned that a cyberattack could result in a significant environmental incident, that it can result in the theft of confidential information, and that equipment can be damaged.

However, insiders account for a majority of attacks on OT systems, the report shows.

Learn More About the Threats Faced by the Utilities Sector at SecurityWeek’s 2019 ICS Cyber Security Conference

Advertisement. Scroll to continue reading.

In terms of readiness, 42% of respondents have rated their cyber readiness as high, but smaller organizations are more concerned about their ability to detect and contain threats.

On average, it took organizations 72 days to respond to a malware attack — 88 days in the case of smaller entities and 62 days in the case of larger ones.

The main challenges in terms of managing OT security are the rise in sophisticated attacks (61% of respondents), lack of skilled workers (56%), isolated and fragmented systems (55%), rapid detection of breaches and exploits (52%), and no clear ownership (42%).

Big data or AI monitoring is used in the organizations of 18% of respondents, most commonly in the United States.

“Increasing electrification across a range of sectors is a crucial piece in the decarbonization puzzle, but, as the Siemens and Ponemon Institute report documents, an increase in grid-connected infrastructure creates additional vulnerabilities to cyber attacks,” said Randy Bell, director of the Atlantic Council Global Energy Center.

He added, “A devastating attack would not only harm the economy, but it could also slow down the rate of electrification. This report provides recommendations to help utilities better address these risks. Getting this right is not only important for the security of our electricity system, but also for achieving our climate goals.”

Related: Utilities Fear Cyberattacks Could Cause Electric Grid Disruptions

Related: Additional U.S. Utilities Targeted With LookBack Malware

Related: Cyberattack Disrupted Firewalls at U.S. Power Utility

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...