Execs: Electrical companies moving slowly to address cyber threats
In the summer of 2010, analysts identified Stuxnet, a complex computer virus that targeted industrial control systems and opened up a whole new range of cyber threats. Almost a year later, however, the security response from companies that protect vital electrical grids remains woefully slow, according to a new report by the Center for International and Strategic Studies and Internet security firm McAfee.
Cybersecurity experts warn that more electrical infrastructure is being connected to the Internet or other networks, opening up the whole system to cyber attacks. A targeted attack could plunge millions of Americans into darkness, or worse.
This year's study polled 200 electrical infrastructure industry executives from 14 countries. The team's researchers found that Stuxnet "transformed the threat landscape," with 40 percent of respondents reporting that the virus had infected their networks.
"The emergence of Stuxnet points to an overriding need for critical infrastructure companies to acknowledge the changes in the cyberthreat landscape," the report states.
Despite the threat, the adoption rate for security systems has grown only incrementally.
"Overall, we found little good news about cybersecurity in the electric grid and other crucial services that depend on information technology and industrial control systems," the report concludes. "Security improvements are modest and overmatched by the threat."
Not only are private companies moving slowly to address the potential problem, the U.S. government has yet to get involved in a serious way, according to the 40 percent of American executives who said they do not interact with government officials on cybersecurity or defense issues. Just over 10 percent of American respondents said their cybersecurity plans had been audited by the government, versus 100 percent of Japanese executives.
"As a country, we are going to have to decide what our government and private industry response looks like," said Kevin Gronberg, senior counsel for the House Homeland Security Committee. "The only way to decide how much government is involved is to engage in debate over it."
Compared to western nations and India, countries in East Asia seem to be pursuing a more concerted campaign to secure their networks, the researchers found.
The report calls for "true infrastructure protection policies" around the world, including improved authentication measures; more encryption and detection technology; increased oversight of industrial control systems; and effective partnerships with governments.
Senate Democrats have introduced legislation designed to safeguard critical infrastructure, including the electric grid, military assets, the financial sector, and telecommunications networks. It outlines federal authority and establishes incentives for private industry to protect their systems.
"Today we rely more heavily than ever on technology to run everything from power plants to missile systems to personal computers. In a rapidly changing world it's important that we adapt new to threats to our security," said Senate Majority Leader Harry Reid, D-Nev., when the plan was announced in January.