Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey

Representatives of the utilities industry believe the risk of cyberattacks on the sector has increased and many expect an attack on critical infrastructure in the next year, according to a study conducted by Siemens and the Ponemon Institute.

Representatives of the utilities industry believe the risk of cyberattacks on the sector has increased and many expect an attack on critical infrastructure in the next year, according to a study conducted by Siemens and the Ponemon Institute.

The study is based on a survey of over 1,700 individuals working in the utilities sector in North America, Latin America, Europe, the Middle East, and the Asia-Pacific region. The respondents included technicians, managers, directors, supervisors and senior executives.

A majority of respondents believe that cyber threats pose a greater risk to their operational technology (OT) systems than to information technology (IT) systems. Nearly two-thirds view sophisticated cyberattacks as a top challenge and 56% have reported being hit by at least one attack involving loss of private information or an outage in their OT environment in the past year. Four percent of respondents said they had experienced 10 or more such incidents.

Over half of respondents expect a cyberattack on critical infrastructure in the next year, but those who took part in the study believe that 30% of attacks on OT systems are not detected.

The utilities industry is mainly concerned that a cyberattack could result in a significant environmental incident, that it can result in the theft of confidential information, and that equipment can be damaged.

However, insiders account for a majority of attacks on OT systems, the report shows.

Learn More About the Threats Faced by the Utilities Sector at SecurityWeek’s 2019 ICS Cyber Security Conference

In terms of readiness, 42% of respondents have rated their cyber readiness as high, but smaller organizations are more concerned about their ability to detect and contain threats.

Advertisement. Scroll to continue reading.

On average, it took organizations 72 days to respond to a malware attack — 88 days in the case of smaller entities and 62 days in the case of larger ones.

The main challenges in terms of managing OT security are the rise in sophisticated attacks (61% of respondents), lack of skilled workers (56%), isolated and fragmented systems (55%), rapid detection of breaches and exploits (52%), and no clear ownership (42%).

Big data or AI monitoring is used in the organizations of 18% of respondents, most commonly in the United States.

“Increasing electrification across a range of sectors is a crucial piece in the decarbonization puzzle, but, as the Siemens and Ponemon Institute report documents, an increase in grid-connected infrastructure creates additional vulnerabilities to cyber attacks,” said Randy Bell, director of the Atlantic Council Global Energy Center.

He added, “A devastating attack would not only harm the economy, but it could also slow down the rate of electrification. This report provides recommendations to help utilities better address these risks. Getting this right is not only important for the security of our electricity system, but also for achieving our climate goals.”

Related: Utilities Fear Cyberattacks Could Cause Electric Grid Disruptions

Related: Additional U.S. Utilities Targeted With LookBack Malware

Related: Cyberattack Disrupted Firewalls at U.S. Power Utility

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Former Barclay’s CISO Oliver Newbury has joined ransomware protection firm Halcyon as a strategic advisor

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.