Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Infographic: 70 Percent of World's Critical Utilities Breached
Newest First  |  Oldest First  |  Threaded View
mcohn201
50%
50%
mcohn201,
User Rank: Author
8/20/2014 | 10:11:51 PM
Re: What do you mean by breach?

@Marily Cohodas – The breakdown was that 32% experienced at least 1 incident in the last year, 18% had 2 to 5 incidents, and 17% experienced more than 5 incidents.  While we don't have specifics on what "confidential information" was compromised or the length of disruptions from this study, we know that databases, end user devices (desktops, laptops, smartphones, and tablets) and cloud-based systems took the top 3 slots for most frequently compromised as a result of security breaches over that year followed by servers and industrial control systems.

mcohn201
100%
0%
mcohn201,
User Rank: Author
8/20/2014 | 10:09:28 PM
Re: Silicon Valley substation attack a prototype?

@Bprince - The data covers both.  Our Ponemon partner plans to follow on with a scaled down ICS–focused survey targeting respondents on the ICS side.

mcohn201
100%
0%
mcohn201,
User Rank: Author
8/20/2014 | 10:08:35 PM
Re: Silicon Valley substation attack a prototype?

@Charlie Babcock - Interesting you reference that incident. We tend to think from an IoT perspective about the importance of infosec and physical security professionals working together at strategic and tactical levels to protect corporate or government assets. But my impression is that was a pure physical attack:  rifle fire after advance recon and comm lines cut with shell casings wiped clean.  It highlights uncomfortable vulnerability to physical attack of critical infrastructure and presence of a capable threat actor with military mindset.

GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
8/18/2014 | 3:27:54 PM
Re: Misleading research?
The loss or disruption of operations could be the result of a breach.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/18/2014 | 10:13:34 AM
Misleading research?

Post from Twitter "clappymonkeyAug 17, 3:51pm via Twitter for Android" questioning the research:

@DarkReading A loss of operation is not a breach. Misleading research is misleading

Thoughts anyone?

Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
8/18/2014 | 7:52:26 AM
What do you mean by breach?
Mark  -- Can you give us some context for the statistic that 68 percent or respondents reported at least "one security compromise that led to the loss of confidential information or disruption of services"? How much information? How long of a disruption? Are there any more details you can share?

That said, an even  more disturbing number is the percentage (26%) of utility security execs who say they can effectively manage security risks...

 
Bprince
50%
50%
Bprince,
User Rank: Ninja
8/15/2014 | 8:39:36 PM
Re: Silicon Valley substation attack a prototype?
Wow. That's disturbing. 70 percent seems extremely high. I'm legitimately surprised at that number. But are these corporate network issues or control system issues? Still bad either way, but much more serious if these are ICS.

BP
Charlie Babcock
100%
0%
Charlie Babcock,
User Rank: Ninja
8/15/2014 | 7:33:01 PM
Silicon Valley substation attack a prototype?
I suspect the public utility infrastructure is more vulnerable than we realize. There was an incident earlier this year -- almost a proof of concept test -- of a physical attack on a PG&E Silicon Valley electricity substation. Vandals with rifles from a safe distance took out several transformers, then disappeared long before any authorities could get there. They had plotted their approach and exit carefully, along routes that made their apprehension quite improbable. No special training or tools required. No one caught.


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11289
PUBLISHED: 2021-05-07
Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapd...
CVE-2020-11293
PUBLISHED: 2021-05-07
Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Vo...
CVE-2020-11294
PUBLISHED: 2021-05-07
Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2020-11295
PUBLISHED: 2021-05-07
Use after free in camera If the threadmanager is being cleaned up while the worker thread is processing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2021-1891
PUBLISHED: 2021-05-07
A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdrago...