Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

2/4/2016
04:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Tripwire Study: Two-Thirds of Energy Sector IT Professionals Lack Visibility into Cyber Attacks That Cause Physical Damage

Only 35 percent of energy IT professionals accurately track all threats targeting their operational technology

PORTLAND, Ore. – February 4, 2016 – Tripwire, Inc., a leading global provider of advanced threat, security and compliance solutions, today announced the results of a study conducted for Tripwire by Dimensional Research on the cyber security challenges faced by organizations in the energy sector. The study was carried out in November 2015, and respondents included over 150 IT professionals in the energy, utilities, and oil and gas industries.

According to Tripwire’s study, eighty-two percent of the respondents said a cyber attack on the operational technology (OT) in their organization could cause physical damage. However, when asked if their organization has the ability to accurately track all the threats targeting their OT networks, sixty-five percent replied, “no.”

Additional findings from the study include:

·         More than three out of four respondents (seventy-six percent) believe their organizations are targets for cyber attacks that could cause physical damage.

·         Seventy-eight percent of respondents said their organizations are potential targets for nation-state cyber attacks.

·         One-hundred percent of energy executive respondents believe a kinetic cyber attack on operational technology would cause physical damage.

“The incredibly high percentages of these responses underscores the need for these industries to take material steps to improve cyber security,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “These threats are not going away. They are getting worse.”

According to the Department of Homeland Security, the energy sector faces more cyber attacks than any other industry, and attacks on industrial control system networks are on the rise. If successful, these energy sector cyber attacks could have a dramatic physical impact. In December 2015, BlackEnergy malware was used in an attack against a power plant in the Ukraine and left over 700,000 customers without electricity.

Erlin continued: “We’ve already seen the reality of these responses in the Ukraine mere months after this survey was completed. There can be no doubt that there is a physical safety risk from cyber attacks targeting the energy industry today. While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber attacks.”

Additional Resources:

 

Study Results: Tripwire 2016 Energy Survey: Physical Damage

 

Blog: Nexus of Metrics: Oil and Gas Survey Results

 

About Tripwire

 

Tripwire is a leading provider of endpoint detection and response, security, compliance and IT operation solutions for enterprises, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at tripwire.com, get security news, trends and insights at tripwire.com/blog or follow us on Twitter @TripwireInc.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21427
PUBLISHED: 2021-04-21
Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The vulnerability is patched in v...
CVE-2021-21426
PUBLISHED: 2021-04-21
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework ...
CVE-2020-36324
PUBLISHED: 2021-04-21
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
CVE-2020-28973
PUBLISHED: 2021-04-21
The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfig...
CVE-2021-29456
PUBLISHED: 2021-04-21
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to any...