Wednesday, April 20th, 2011 - McAfee
Energy companies in Australia ahead of Europe and U.S. in adopting Smart Grid security, but lags behind China, Mexico and UAE

SYDNEY, Australia – April 20, 2011 -- McAfee and the Center for Strategic and International Studies (CSIS) today revealed the findings from a report that reflects the cost and impact of cyberattacks on critical infrastructure such as power grids, oil, gas and water. The research found threats to this sector accelerating with 90 percent of respondents from Australia believe their sector was more vulnerable to attacks in the last 12 months and 60 percent expect a major cyberattack within the next two years. In addition, nine out of 10 respondents believe their sector is not at all or not very prepared for stealthy network infiltration and 50 percent are not prepared to deal with large-scale denial of service attacks.

The report “In the Dark: Crucial Industries Confront Cyberattacks,” commissioned by McAfee and authored by CSIS, also found that the rate of security adoption is significantly trailing behind the rate at which threats are growing. The survey included 200 IT security executives from critical electricity infrastructure enterprises in 14 countries including Australia.

“The threat of cyberattacks to critical infrastructure industries has grown in the past year, but the level of response has not. Organisations need to adopt effective security measures to ensure that they are prepared to deal with cyberattacks which can result in large scale service denials and cripple essential services. Cyberextortion is now big business and cybercriminals are threatening blackouts,” said Michael Sentonas, Chief Technology Officer, McAfee Asia Pacific.

“There has been a very large government focus on Critical Infrastructure Protection in Australia. The growing sense of unpreparedness is the result of more understanding of the threat because of a big education effort for executives by the government,” said Ajoy Ghosh, Chief Information Security Officer at Logica Australia.

As Australia rolls out its National Broadband Network which will drive further adoption of Smart Grid technology, energy companies need to factor security in their plan. 75 percent of respondents in Australia’s energy sector have adopted security for smart grid controls; placing the country behind China, Mexico and UAE at 100 percent, but well ahead of the UK and US at 43 percent and 63 percent respectively.

“What we are learning is the smart grid is not so smart,” said Phyllis Schneck, vice president and chief technology officer for public sector intelligence at McAfee. “In the past year, we’ve seen arguably one of the most sophisticated forms of malware in Stuxnet, which was specifically designed to sabotage IT systems of critical infrastructures. The fact is that most critical infrastructure systems are not designed with cybersecurity in mind, and organisations need to implement stronger network controls, to avoid being vulnerable to cyberattacks.”

Executives in Australia also believe that there is room for improvement with regards to government involvement. Seven out of 10 believe that the current law in Australia is not adequate to deter potential attacks against computer networks, up 17 percent from last year. Only 20 percent regularly seek and receive information from government agencies on how to secure their networks or respond to intrusions or attacks.
Globally, industry executives made modest progress over the past year in securing their networks, as the energy sector increased its adoption of security technologies by only a single percentage point (51 percent), and oil and gas industries increased only by three percentage points (48 percent).

The report is a follow up to a report released in 2010 called “In the Crossfire: Critical Infrastructure in the Age of Cyberwar,” that found that many of the world’s critical infrastructures lacked protection of their computer networks, and revealed the staggering cost and impact of cyberattcks on these networks. The new study reveals that while the threat level to these infrastructures has accelerated, the response level has not, even after the majority of respondents frequently found malware designed to sabotage their systems (approximately 75 percent), and nearly half of respondents in the electric industry sector reported that they found Stuxnet on their systems. This threat to infrastructures also includes electrical smart grids, which are growing in adoption and expected to have exceeded $45 billion in global spending in 2010.

Other key report findings from this year’s report include the following:

• Cyberattacks still prevalent: Eighty percent of respondents have faced a large-scale denial of service attack (DDoS), and a quarter reported daily or weekly DDoS attacks and/or were victims of extortion through network attacks.
• Organisations failing to adopt effective security: Sophisticated security measures placed upon offsite users are in the minority, with only about a quarter of those surveyed implementing tools to monitor network activity, and only about 26 percent use tools to detect role anomalies.
• Security conscious countries: Brazil, France and Mexico are lagging in their security measures, adopting only half as many security measures as leading countries China, Italy and Japan. Concurrently, China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries.
• Organisations fear government attacks: More than half of respondents say that they have already suffered from government attacks. Australian respondents viewed Russia as a major concern in developing cyber attacks, followed by China

About the report:
McAfee commissioned Vanson Bourne, a specialist research-based technology marketing consultancy, to survey more than 200 IT executives in the energy, oil/gas and water sectors, responsible for information technology security, general security and industrial control systems in 14 countries (Australia, Brazil, China, France, Germany, India, Italy, Japan, Mexico, Russia, Spain, the United Arab Emirates/Dubai, the United Kingdom and the United States). CSIS then analysed the quantitative results, conducted additional research and authored the report.
To download “In the Dark: Crucial Industries Confront Cyberattacks,” please visit www.mcafee.com/cip_report.

Contact Profile

McAfee


McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivalled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. http://www.mcafee.com
Amanda Koh
P: (02) 9291 3318
M: 0424429336
W: www.mcafee.com

CSIS


The Center for Strategic and International Studies (CSIS) is a bipartisan, non-profit organisation founded in 1962 and headquartered in Washington, D.C. It seeks to advance global security and prosperity by providing strategic insights and policy solutions to decision makers.

Keywords

McAfee, Cyber security, Smart Grids, Australia

Categories

Sharing

More Formats