Report: Global Critical Infrastructure at Risk as Cyber Threats Rise
A new report out today from McAfee and the Center for Strategic and International Studies (CSIS) found that global critical infrastructure is ill-prepared for cyber attacks, at a time when threats continue to rise.
Focusing on the power, oil, gas and water sectors, the report, “In the Dark: Crucial Industries Confront Cyberattacks,” surveyed 200 executives from the critical electricity infrastructure industry in 14 countries regarding practices and policies surrounding IT security.
According to the findings, 40 percent of the executives said that cyber vulnerabilities within their industry had grown over the past year, with almost 30 percent asserting that their organization would not be prepared in the event of a cyber attack.
“What we are learning is the smart grid is not so smart,” Dr. Phyllis Schneck, vice president and chief technology officer for McAfee’s public sector, said in a statement.
“In the past year, we’ve seen arguably one of the most sophisticated forms of malware in Stuxnet, which was specifically designed to sabotage IT systems of critical infrastructures,” Schneck added. “The fact is that most critical infrastructure systems are not designed with cybersecurity in mind, and organizations need to implement stronger network controls, to avoid being vulnerable to cyber attacks.”
On the question of cyber attack attribution, the report found that “globally, industries fear attacks by governments, and more than half of respondents say that they have already suffered from government attacks.”
Similarly, nearly 30 percent of the executives felt that China poses the greatest concern when considering the source of a cyber attack, followed by Russia (16 percent), the United States (12 percent) and North Korea (11 percent).
McAfee and CSIS offered the following recommendations for protecting critical infrastructure:
- “Improved authentication measures, moving away from passwords to a higher reliance on tokens and biometric identifiers.
- Better hygiene of network systems to include increased use of encryption technologies and the monitoring of network use activities for role and activity anomaly detection.
- Increased oversight of access to industrial control systems, including how they access the Internet, through the oversight and active management of Internet connections, mobile devices, and removable media.
- Effective partnerships with governments. The nature of these partnerships will vary from country to country and range from encouragement to mandatory action, but the nature of the new threats industry faces requires government involvement.”
The report, which is a follow-up to “In the Crossfire: Critical Infrastructure in the Age of Cyberwar” released last year, concluded that there was “little good news about cybersecurity in the electric grid and other crucial services that depend on information technology and industrial control systems,” noting that “security improvements are modest and overmatched by the threat.”
Seeking better cybersecurity news? Check out the following headlines:
Obama moves forward with Internet ID plan (ZDNet)
Cyber bills on their way (The Hill)
Senator seeks to end wasteful govt cybersecurity spending (Homeland Security Newswire)
Obama: Online fraud costs average victim $631 and 130 hours to recover (Internat’l Business Times)
Smart grid cybersecurity market to reach $1.3B in 2015, says Pike Research (InfoSecurity)
Smart grid will expose utilities to smart computer hackers, report finds (New York Times)
Cyber crime now an industry (Wall Street Journal)
CFATS extension approved by House subcommittee (SecurityInfoWatch)
Napolitano, Holder meet with EU counterparts (Examiner)
Shortage of skilled cyber specialists fuels debate over pay (NextGov)
Hacker sentenced to 2 years in prison for trying to destroy Rolling Stone (ABC News)
Danger seen in slashing infosec spending (GovInfoSecurity)
Data thieves target e-mail addresses (USA Today)
INTERNATIONAL ISSUES:
Iran says Siemens behind Stuxnet cyber attack (Tehran Times)
S. Korea’s largest bank network probed over cyber attack shutdown (AFP)
50% of Korean Internet users had their data leaked (Korea Times)
China hackers behind Indo-Kazakh cyber pact (Hindustan Times)
Simulated cyber attack reveals EU flaws in coordination (PCWorld)
Malta’s carbon data held back due to still unfixed cyber attack (Times of Malta)
Singapore pledges to improve cybersecurity (ZDNet)
Cyber attack in Canberra (Sydney Morning Herald)
Harakah Daily, the latest news portal to be hacked (Free Malaysia Today)
INDUSTRY NEWS:
Private sector seeks better cybersecurity collaboration (InformationWeek)
Industry urges better cooperation from government on cyber threats (NextGov)
Microsoft to issue 17 security bulletins to patch critical vulnerabilities (Press Release)
ISPs team up on cybersecurity proposal (Broadcasting & Cable)
CoSentry, Booz Allen Hamilton team to deliver solutions addressing cybersecurity risks (Press Release)