Energy industry likely prime cyber attack target

When asked which industry is the biggest target for cyberattack, critical infrastructure insiders in the United States, Canada, and Europe point to the energy sector. The energy industry is also the most vulnerable to cyberattacks and would have the most detrimental breach, while the financial sector is the best prepared in the case of a cyberattack, according to a survey sponsored by security firm Secure Computing. All other industries were deemed to be “not prepared” by more than 50 percent of the respondents.

ZDNet’s Elinor Mills writes that survey participants from the United States and Canada were also asked how soon major exploits of critical infrastructure were likely to occur and more than half said they had already begun. Another 14 percent predicted that a major exploit was likely in the next twelve months. Only two percent said there would never be a severe exploit, according to the research, released earlier this week. In September, concerns about cyberattacks on the energy sector spurred U.S. lawmakers to consider legislation to broaden federal authority over electric companies.

Mills writes that contributing to the increased vulnerability in the energy industry are: an increase in the number of access points through the use of sensors, smart meters and third-party contractors with remote-access capability; use of more IP-based networks; integration between corporate and operational networks; reliance on standard or commodity IT platforms such as Microsoft Windows; and lack of attention to security by network automation and control system vendors, according to a white paper on the research written by Energy Insights.

The biggest bottleneck to improving the security of critical infrastructure is cost, followed by apathy. Government bureaucracy and internal issues were tied for third place.

Nearly 200 industry leaders from the critical infrastructure industries completed the survey at industry events in August and September.