Department of Homeland Security says energy sector faces more cyber attacks than any other industry
America’s energy sector is under attack and the pack of the assault is rapidly rising, according to a new study of cyber attacks on IT systems by Dimensional Research for Tripwire, Inc.
When asked if their organization had experienced a rise in successful cyber attacks in the last 12 months, seventy-seven per cent of the respondents in Tripwire’s study replied, “yes.”
“It’s tempting to believe that this increase in attacks is horizontal across industries, but the data shows that energy organizations are experiencing a disproportionately large increase when compared to other industries,” said Tim Erlin, director of IT security and risk strategy for Tripwire.
In addition, more than two-thirds of the respondents (sixty-eight per cent) said the rate of successful cyber attacks had increased by over twenty per cent in the last month.
“At the same time, energy organizations face unique challenges in protecting industrial control systems and SCADA assets,” said Erlin.
The study, which was carried out in Nov. 2015, assessed cyber security challenges faced by organizations in the energy sector. Study respondents included over 150 IT professionals in the energy, utilities, and oil and gas industries.
Additional findings from the study include:
- Energy executives were more than twice as likely to believe their organization detected every cyber attack (forty-three per cent) than non executives (seventeen per cent).
- In the last 12 months, seventy-eight per cent of the respondents said they experienced a cyber attack from an external source, and thirty per cent have seen an attack from an inside employee.
- Forty-four per cent of the respondents indicated they have not gathered enough information to identify the sources of cyber attacks on their organizations.
- Nearly one-fourth (twenty-two per cent) of the respondents admitted their organizations do not have business processes to identify sensitive and confidential information.
“Detecting attacks successfully is the midpoint of the overall process. Energy organizations need to invest in greater prevention and forensic tools to decrease the rate of successful attacks and fully investigate those they can’t prevent,” said Erlin.
According to the Department of Homeland Security, the energy sector faces more cyber attacks than any other industry.
Despite these escalating risks, the energy sector faces serious challenges responding to security threats effectively.
For example, the results of the North American Electric Reliability Corporation’s (NERC) GridEx III “cyberwar games” revealed significant challenges with the cyber threat intelligence practices of grid operators.
In addition to this study, Tripwire conducted a survey of 200 security professionals attending RSA Conference 2016.
When asked if a cyber attack would cause physical damage to critical infrastructure in 2016, eighty-three per cent of the respondents replied, “yes.”
In addition, seventy-three per cent of respondents to this second survey said critical infrastructure providers are more vulnerable to ransomware attacks than other organizations.