April 20, 2018
Last month, a joint technical alert issued by the FBI and the Department of Homeland Security put Americans on notice that Russia has hacked into critical U.S. energy infrastructure—and is capable of bring the grid down, at a time of its own choosing.
Just how concerned are energy security professionals? To find out, Dimensional Research conducted a poll on behalf of Tripwire among 151 IT and operational technology security professionals at energy and oil and gas companies.
The responses to the poll are scary enough to keep both energy professionals and the American public up at night: Close to all participants said they feared operational shutdowns and threats to their employees’ safety at 97% and 96%, respectively.
What’s more, fully 70% percent of these security professionals feared more dire consequences like an explosion and other “catastrophic failures.”
But they are on the case: 59% of those polled said their companies already have begun to increase security investments because of Incident Command System (ICS)-targeted attacks like Trisis/Triton, Industroyer/CrashOverride and Stuxnet. However, many feel they still don’t have the proper level of investment to meet ICS security goals.
Disturbingly enough, more than half (56%) of respondents to Tripwire’s survey felt it would take a significant attack to get their companies to invest in security properly
This may be the reason why just 35% of participants are taking a multilayered approach to ICS security – widely recognized as a best practice. Thirty-four percent said they were focusing primarily on network security; and 14%, on ICS device security.
Tim Erlin, vice president of Product Management and Strategy at Tripwire, is troubled by these findings. “It’s concerning,” he say, “that more than half would wait for an attack to happen before investing properly given what’s at stake with critical infrastructure. The energy industry should invest in establishing more robust cybersecurity strategies with a proper foundation of critical security controls and layers of defense.”
Research contact: email@example.com