Detecting an energy system breach

The results of a survey conducted by Dimensional Research have been released by Tripwire Inc. The survey analysed the views of more than 400 executives and IT professionals in the oil, gas, energy and utility industries on cyber security and compliance initiatives. Overall, energy security professionals were extremely confident in their ability to detect a cyber attack on critical systems, with 86% saying they could detect a breach in less than one week.

The survey found that 49% of all respondents believe their organisation could detect a cyber attack on a critical system in under 24 hours. Energy executives were found to have the highest levels of confidence, with 61% claiming their organisation could detect a critical system breach in less than 24 hours. However, a report from Mandiant’s M-Trends has said that the average time to detect an advanced persistent threat on a corporate network is 205 days, and in the 2015 Data Breath Investigations Report, Verizon reported that 66% of cyber attacks took months to detect.

Mark Weatherford, Principal, The Chertoff Group said, “cyber security within energy companies is stronger than it has ever been, yet growing bodies of evidence indicate that it’s still far too easy to compromise the energy infrastructure. Confidence at the executive level is certainly critical and necessary for success, but over confidence can lead to a potentially dangerous false sense of security. Interestingly, a survey conducted last year by the Ponemon Institute found that 31% of 160 000 plus IT security professionals in 15 countries never speak with senior company executives, which might explain why Tripwire’s survey found that energy executives have such a high level of confidence in their organisation’s ability to detect a critical systems breach. Therefore, it’s a legitimate question to ask if executive confidence is misplaced.”

Additional findings

• 94% of executives agree that their organisation is a target for cyber criminals.
• 83% of respondents believe a cyber attack could do serious physical damage to their infrastructure.
• 3% of respondents believe it would take more than one month to detect a cyberattack on a critical system.

Rekha Shenoy, VP of Business and Corporate Development, Tripwire said, “cyber security in the energy industry is focused on protecting the availability and reliability of the critical infrastructure on which our nation relies. The good news is that energy organisations are increasingly aware of cyber security risks and are investing more resources into reducing these risks. The bad news is that many of these organisations are still underestimating the sophistication, persistence and evasive technology of the attackers who are targeting them. The reality is that most organisations need a continuous view of their entire attack surface in order to detect a breach quickly and respond before damage is done.”

Edited from press release by Claira Lloyd

Read the article online at: https://www.hydrocarbonengineering.com/special-reports/29062015/energy-system-breaches/