We are making progress – slowly – the Recent McAfee Report

McAfee has released a new report on Cyber-Security for Critical Infrastructures - "In The Dark: Crucial Industries Confront Cyber Attacks". More than 200 IT executives in the energy, oil/gas and water sectors, responsible for information technology security, general security and industrial control systems in 14 countries were surveyed. CSIS then analyzed the quantitative results, conducted additional research and authored the report. The report is a follow up to a report released in 2010 called “In the Crossfire: Critical Infrastructure in the Age of Cyberwar,” that found that many of the world’s critical infrastructures lacked protection of their computer networks, and revealed the staggering cost and impact of cyber attacks on these networks. 

Control system (SCADA) security is starting to become more mainstream – progress! However, the report focused on a weakness that I identified in the 2008 CISIS control systems report. The control system community was not invited. In this case, they surveyed IT not Operations even though control systems were the focus of the report – no progress. The report found that 40 percent of executives believed that their industry’s vulnerability had increased. Nearly 30 percent believed their company was not prepared for a cyber attack and more than 40 percent expect a major cyber attack within the next year. If executives are that concerned, how can utility executives accept the NERC CIPs which is just a compliance exercise – no progress.

Progress – albeit very slowly
Joe Weiss