San Francisco, January 30: Power plants, oil refineries and water supplies increasingly dependent on the internet are under relentless attack by cyber spies and thugs, according to a McAfee report released on Thursday.
The Critical Infrastructure in the Age of Cyber-War analysis by the US-based Centre for Strategic and International Studies said the price of “downtime” from major attacks exceeds $6m a day.
“If cyberspace is the Wild West, the sheriff needs to get to Dodge City,” concluded the study commissioned by McAfee, which sells computer security software.
In most developed countries, operating systems of critical infrastructure including power grids and oil refineries are linked to the internet where they can be targeted for attacks.
“There are absolutely foreign entities that would definitely conduct (cyber) reconnaissance of our power infrastructure,” said Michael Assante, chief security officer of the North American Electric Reliability Corporation.
“They would be looking to learn, get a foothold and try to maintain sustained access to computer networks.”
Repeated cyber attack
Researchers surveyed 600 IT and security executives from critical infrastructure enterprises in 14 countries in September of 2009.
Operators of enterprises reported that their networks and control systems are under repeated cyber attack, according to the study.
And while defences were deemed acceptable, harsh economic conditions have tightened spending on computer security while attackers have grown more sophisticated, survey results indicated.
“There is no identifiable protection model that will keep pace with the evolution and sophistication of cyber threats,” said Assante.
“In addition, innovative technologies, from cloud computing to Smart Grid meters and Scada connectivity, continue to create new vulnerabilities.”
While the most common target of attacks was financial information, operators of energy, oil, and gas facilities saw assaults on operational controls, according to the survey.
A third of the respondents saw the threat as growing, while 40% said they expect a major internet security incident in their sector within a year.
—Agencies