04:48 PM
Tim Wilson
Tim Wilson
Quick Hits
Connect Directly
Repost This

Utilities Still Struggling With IT Security Issues, Study Says

Three-quarters of energy firms have experienced a breach in the last year; 69 percent expect more to come

Seventy-five percent of energy and utility companies have suffered an IT security breach in the past year, and the situation doesn't seem likely to improve anytime soon, according to a study published today.

According to the "State of IT Security: Study of Utilities & Energy Companies" report -- which was conducted by Ponemon Institute and sponsored by security monitoring software vendor Q1 Labs -- more than three-quarters of global energy organizations surveyed admit to having suffered at least one data breach during the past 12 months. Sixty-nine percent think a data breach is very likely or likely to occur in the coming year.

"We were surprised that utility companies didn't put a higher priority on issues like smart grid and smart meters, where there's been a lot of concern about cyberthreats," says Larry Ponemon, chairman and founder of Ponemon Institute. "Many of the people we talked to are still more focused on physical security than on cybersecurity."

It takes an average of 22 days for the energy companies in the study to detect insiders making unauthorized changes, the study says. Yet 43 percent of respondents ranked negligent or malicious insiders as their top security threat, with insiders the No. 1 root cause of data breaches among the companies surveyed.

Seventy-one percent of the respondents said their executive management team does not understand or appreciate the value of IT security, the study says. Sixty-seven percent of energy organizations were not using what they consider "state of the art" technologies to minimize risks to infrastructure-critical SCADA networks.

Respondents also expressed dissatisfaction with the tools they use to monitor their IT systems. Seventy-two percent said they don't think their monitoring systems are effective at gathering actionable intelligence, such as real-time alerts, threat analysis, and prioritization, about actual and potential exploits. Only 21 percent of global energy and utilities organizations think their existing controls can protect them against exploits and attacks through smart grid and smart meter-connected systems.

"After doing this survey, I'm more worried about the security of the power grid than I was before," Ponemon says. "In many cases, the people responsible for monitoring the cyber side are either being shot down by upper management or they don't have the right skill set to do the monitoring."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web