The new study commissioned by McAfee and conducted by Center for Strategic and International Studies (CSIS) involved looking at the vulnerabilities of companies in the critical sectors, such as those in power/electricity, oil, gas and water. Some 200 IT security executives from the critical sectors in 14 countries worldwide were surveyed to compile the report titled "In the Dark: Crucial Industries Confront Cyberattacks."
The report revealed that 40 per cent of the IT executives surveyed felt that there was an increase in cyber attacks in their industry lately. However, nearly 30 per cent of the same group of executives said their company networks are unprotected and 40 per cent believe that a "major" cyber attack may be imminent within the next year.
The report also noted that the threats to critical infrastructure have increased compared to last year even as efforts to protect the infrastructures have not increased in any way. The new study is a follow-up of last year's study which already noted that critical infrastructures were not as protected as expected.
The 2011 study also noted that nearly 70 per cent of the IT security executives found malware in their systems and nearly 50 per cent in the electricity sector said they found Stuxnet on their systems, including electrical smart grids.
"What we are learning is the smart grid is not so smart," said Dr. Phyllis Schneck, vice president and chief technology officer for public sector, McAfee. "In the past year, we've seen arguably one of the most sophisticated forms of malware in Stuxnet, which was specifically designed to sabotage IT systems of critical infrastructures. The fact is that most critical infrastructure systems are not designed with cyber security in mind, and organisations need to implement stronger network controls, to avoid being vulnerable to cyber attacks."
Stuxnet has been dubbed by the IT security industry as one of the first cyber security super weapons.
Aside from Stuxnet, denial of service attacks (DDoS) are also prevalent. Some 80 per cent of respondents said they have noticed a "large-scale" DDoS attack in their networks while a quarter of the respondents noted weekly and even daily DDoS attacks.
Geography-wise, infrastructure owners in China, Italy and Japan are the most security-conscious among the study respondents. China and Japan have the highest confidence levels as they have the appropriate laws to protect organisations from cyber security threats. In contrast, Brazil, France and Mexico are lagging behind in implementing security measures.
When it comes to government involvement in protecting the critical infrastructures from cyber attacks, Asia is more active in coordinating with their governments. Respondents from China and Japan said they have high level coordination with the government while respondents from the US, Spain and the UK said they hardly interact with their governments at all.
CSIS is a Washington, DC-based bipartisan, non-profit organisation conducting research and analysis on policies.