Report Reveals Dramatic Increase In Cyberattacks, Sabotage On Critical Infrastructure

  • Apr 20, 2011

 McAfee and the Center for Strategic and International Studies (CSIS) recently revealed the findings from a report that reflects the cost and impact of cyberattacks on critical infrastructure such as power grids, oil, gas and water. The survey of 200 IT security executives from critical electricity infrastructure enterprises in 14 countries found that 40 percent of executives believed that their industry’s vulnerability had increased. Nearly 30 percent believed their company was not prepared for a cyberattack and more than 40 percent expect a major cyberattack within the next year.

The report “In the Dark: Crucial Industries Confront Cyberattacks,” was commissioned by McAfee and produced by CSIS. “We found that the adoption of security measures in important civilian industries badly trailed the increase in threats over the last year,” said Stewart Baker, who led the study for CSIS. Industry executives made modest progress over the past year in securing their networks, as the energy sector increased its adoption of security technologies by only a single percentage point (51 percent), and oil and gas industries increased only by three percentage points (48 percent).

“Ninety to 95 percent of the people working on the smart grid are not concerned about security and only see it as a last box they have to check,” said Jim Woolsey, former United States Director of Central Intelligence.

The report is a follow-up to a report released in 2010 called “In the Crossfire: Critical Infrastructure in the Age of Cyberwar,” that found that many of the world’s critical infrastructures lacked protection of their computer networks, and revealed the staggering cost and impact of cyberattacks on these networks. The new study reveals that while the threat level to these infrastructures has accelerated, the response level has not, even after the majority of respondents frequently found malware designed to sabotage their systems (nearly 70 percent), and nearly half of respondents in the electric industry sector reported that they found Stuxnet on their systems. This threat to infrastructures also includes electrical smart grids, which are growing in adoption and expected to have exceeded $45 billion in global spending in 2015.

“What we are learning is the smart grid is not so smart,” said Dr. Phyllis Schneck, vice president and chief technology officer for public sector, McAfee. “In the past year, we’ve seen arguably one of the most sophisticated forms of malware in Stuxnet, which was specifically designed to sabotage IT systems of critical infrastructures. The fact is that most critical infrastructure systems are not designed with cybersecurity in mind, and organizations need to implement stronger network controls, to avoid being vulnerable to cyberattacks.”

Other key report findings from this year’s report include the following:

  • Cyberattacks still prevalent: Eighty percent of respondents have faced a large-scale denial of service attack (DDoS), and a quarter reported daily or weekly DDoS attacks and/or were victims of extortion through network attacks.
  • Extortion attempts were more frequent in the CIP sectors: One in four survey respondents have been victims of extortion through cyberattacks or threatened cyberattacks. The number of companies subject to extortion increased by 25 percent in the past year, and extortion cases were equally distributed among the different sectors of critical infrastructure. The countries of India and Mexico have a high rate of extortion attempts; 60 to 80 percent of executives surveyed in these countries reported extortion attempts.
  • Organizations failing to adopt effective security: Sophisticated security measures placed upon offsite users are in the minority, with only a quarter of those surveyed implementing tools to monitor network activity, and only about 36 percent use tools to detect role anomalies.
  • Security conscious countries: Brazil, France and Mexico are lagging in their security measures, adopting only half as many security measures as leading countries China, Italy and Japan. Concurrently, China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries.
  • U.S. and Europe falling behind Asia in government involvement: Respondents in China and Japan reported high levels of both formal and informal interaction with their government on security topics, while the U.S., Spain and U.K. indicated little to no contact.
  • Organizations fear government attacks: More than half of respondents say that they have already suffered from government attacks.

Featured

  • Agentic AI Will Revolutionize Cybercrime in 2025 According to New Report

    Malwarebytes, a provider in real-time cyber protection, recently released its 2025 State of Malware report, which reveals insight into the emergence of agentic artificial intelligence (AI), plus the year’s most prominent threats and cybercrime tactics. The report details a significant uptick in the number of known ransomware attacks, the total value of ransoms paid in 2024, and how IT teams can address them. Read Now

  • ESX 2025 Announces Expanded Schedule of Events

    ESX has announced its dynamic 2025 schedule, set to provide an unparalleled experience for professionals in the electronic security and life safety industry. Taking place June 16-19 at the Cobb Galleria Centre, this year’s event features an expanded lineup of educational sessions, hands-on workshops, inspiring main stage speakers, networking opportunities, and an engaging expo floor showcasing the latest technology. Read Now

  • City of New Orleans Launches NOLA Ready Public Safety App Before Super Bowl

    The City of New Orleans Office of Homeland Security and Emergency Preparedness (NOHSEP) is pleased to announce the official launch of the NOLA Ready Public Safety App, powered by Motorola Solutions. This new mobile application is designed to enhance public safety and emergency preparedness for both residents and visitors. All individuals planning to attend major events in New Orleans, including the Super Bowl, Mardi Gras, and other large gatherings, are encouraged to download the app. Read Now

  • 5 Tips to Improve Your Password Security

    Change Your Password Day is right around the corner. Observed every year on February 1, the day aims to raise awareness about cybersecurity and underscores the importance of keeping passwords strong and up to date. Read Now

Most   Popular

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.