Symantec: Global Critical Infrastructure Providers Less Aware and Engaged in Government Programs

Symantec Corp. released the findings of its 2011 Critical Infrastructure Protection (CIP) Survey, which found a drop in awareness and engagement on a global basis as measured by the CIP Participation Index. Compared to 2010, companies surveyed this year show a CIP Participation Index of 82 percent in government protection programs, down 18 points from last year. Critical infrastructure providers come from industries that are of such importance that if their cyber networks were successfully attacked and disabled, it would result in an actual threat to national security.

“The findings of this survey are somewhat alarming, given recent attacks like Nitro and Duqu that have targeted critical infrastructure providers,” said Dean Turner, director, Global Intelligence Network for Symantec. “Having said that, limitations on manpower and resources as mentioned by respondents help explain why critical infrastructure providers have had to prioritize and focus their efforts on more day-to-day cyber threats. However, we think that targeted attacks against critical infrastructure providers in the form of Stuxnet, Nitro and Duqu will continue. Businesses and governments around the world should be very aggressive in their efforts to promote and coordinate protection of critical industry cyber networks. These latest attacks are likely just the beginning of more targeted attacks directed at critical infrastructure.”


Survey Highlights:

  • Lower awareness and engagement in government CIP programs. This year, companies are generally less aware of their government’s CIP programs. Thirty-six percent of respondents were somewhat or completely aware of the government critical infrastructure plans being discussed in their country compared to 55 percent last year. In 2011, 37 percent of companies are completely or significantly engaged, versus 56 percent in 2010.
  • Slightly more ambivalence about government CIP programs. The survey also revealed that companies are more ambivalent in 2011 than they were in 2010 about government CIP programs. For example, when asked to voice their opinion about government CIP programs, 42 percent had no opinion or were neutral. Also, companies are now slightly less willing to cooperate with CIP programs than they were one year ago (57 versus 66 percent).
  • Global Organizations feel less prepared. It is not surprising that as an organization’s assessment of the threat drops, their readiness drops as well. Overall readiness on a global scale fell an average of eight points (from 60 to 63 percent in 2011 compared with 68 to 70 percent in 2010).

Recommendations to ensure resiliency against critical infrastructure cyber attacks:

  • Develop and enforce IT policies and automate compliance processes. By prioritizing risks and defining policies that span across all locations, organizations can enforce policies through built-in automation and workflow and not only identify threats but remediate incidents as they occur or anticipate them before they happen.
  • Protect information proactively by taking an information-centric approach to protect both information and interactions. Taking a content-aware approach to protecting information is key in knowing who owns the information, where sensitive information resides, who has access, and how it is coming in or leaving your organization.
  • Manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.
  • Protect the infrastructure by securing endpoints, messaging and Web environments. In addition, defending critical internal servers and implementing the ability to back up and recover data should be priorities. Organizations also need the visibility and security intelligence to respond to threats rapidly.
  • Ensure 24x7 availability. Organizations should implement testing methods that are non-disruptive and they can reduce complexity by automating failover. Virtual environments should be treated the same as a physical environment, showing the need for organizations to adopt more cross-platform and cross-environment tools, or standardize on fewer platforms.
  • Develop an information management strategy that includes an information retention plan and policies. Organizations need to stop using backup for archiving and legal holds, implement deduplication everywhere to free resources, use a full-featured archive system and deploy data loss prevention technologies.

Recommendations for governments to promote critical infrastructure protection:

  • Governments should continue to put forth the resources to establish government critical infrastructure programs.
    • The majority of critical infrastructure providers confirm that they are aware of government critical infrastructure programs.
    • Furthermore, a majority of critical infrastructure providers support efforts by the government to develop protection programs.
  • Governments should partner with industry associations and private enterprise groups to disseminate information to raise awareness of government CIP organizations and plans, with specifics about how a response would work in the face of a national cyber attack, what the roles of government would be, who the specific contacts are for various industries at a regional and national level, and how government and private business would share information in the event of an emergency.
  • Governments should emphasize that security is not enough to stay resilient in the face of today’s cyber attacks. Governments should also emphasize to critical infrastructure providers and enterprises that their information be stored, backed up, organized, prioritized, and that proper identity and access control processes are in place.

Symantec’s Critical Infrastructure Protection Survey

Symantec’s Critical Infrastructure Protection Survey is the result of research conducted in August and September 2011 by Applied Research, which surveyed C-level, IT professionals in SMBs and enterprises in 14 industries specifically designated as critical infrastructure industries. The report was designed to examine awareness, engagement, and readiness with regards to government CIP programs. The survey included 3,475 organizations from 37 countries in North America, EMEA (Europe, Middle East and Africa), Asia Pacific, and Latin America.

Featured

  • AI to Help Resolve Non-Emergency Calls Across Utah and Decrease 911 Caller Wait Times

    The Utah Communications Authority (UCA), which oversees the state’s next generation 911 technology services, recently announced that public safety answering points (PSAPs) throughout the state plan to implement Motorola Solutions’ Virtual Response technology to automate the receipt and resolution of 10-digit non-emergency line calls in Utah with the help of AI. Read Now

  • Report Reveals Local Governments Face Surge in Ransomware Attacks with Minimal Resources

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, recently released new research highlighting the critical cybersecurity challenges facing state, local, tribal, and territorial (SLTT) governments. The report details how government organizations have become prime targets for cybercriminals while simultaneously facing severe resource constraints. Read Now

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.