More than 50% of critical infrastructure are vulnerable to security threats, new poll reveals

Security threats to critical infrastructure is on the rise. There is also a shift in the nature of cyber attack. The main current of cyber attack is now shifting from recreational hacker like “script kiddie” to intelligence and disruptive activities perpetrated by organization and enemy state. These “enemy states” are using various hybrid “weapons” to go after critical infrastructure like power lines, Supervisory Control and Data Acquisition (SCADA) systems and Industrial Control Systems (ICS).

Indegy is the leader in industrial cyber security, protects Industrial Control Systems (ICS) used in critical infrastructure, utilities and manufacturing industries against operational disruptions caused by external and internal threats. In a recent poll conducted by the company, it found that nearly 60 percent of executives at critical infrastructure operators polled in a recent survey said they lack appropriate controls to protect their environments from security threats. As expected, nearly half of all respondents indicated their organizations plan to increase spending for industrial control system (ICS) security measures in the next 12-24 months. This should not come as a surprise.

Over the years, cyber experts have been warning corporation that their critical infrastructure vulnerable to cyber attacks. In 2015, Sony Pictures, Target and Home Depot made headlines around the world. But the bigger cyber threat, experts warned, are cyber attack on critical infrastructure: gas pipelines, electric substations, water supplies and transit networks.  “We have been tracking the escalation in cyber threat activity specifically targeting critical infrastructures for some time,” says Barak Perelman, CEO of Indegy. “As the recent joint DHS/FBI CERT Technical Alert illustrates, adversaries have compromised facilities across the US to conduct reconnaissance and likely develop “Red Button” capability for future attacks.”

The biggest security challenge to organization is lack of visibility and control into their critical infrastructure assets. While organizations have made significant investments to secure their IT infrastructures, they have not fully addressed threats to operational technology (OT) environments. The recent Indegy poll of nearly 100 executives from various critical infrastructure organizations underscores the lack of preparedness in key sectors including energy, utilities and manufacturing. Among the key findings:

• 35% of respondents said they have little visibility into the current state of security within their environment, while 23% reported they have no visibility
• 63% claimed that insider threats and misconfigurations are the biggest security risks they currently face
• 57% said they are not confident that their organization, and other infrastructure companies, are in control of OT security
• Meanwhile, 44% of respondents indicated an increase in ICS spending was planned in the next 12 to 24 months, with 29% reporting they were not sure

Organizations need to do more to secure their critical infrastructure, mitigate industrial security threats and develop countermeasures. By providing comprehensive visibility into the control-plane engineering activities performed in operational technology networks, Indegy’s Industrial Cyber Security Platform automatically discovers all controllers (PLCs, RTUs, DCSs) on ICS networks, monitors all access and changes in real-time, and validates their integrity ensuring no unauthorized changes go undetected. Indegy enables advanced detection and response to threats that place the safety, reliability and security of industrial networks at risk before damage occurs.