McAfee, a network security firm in Santa Clara, Calif., and Georgetown University's Center for Strategic and International Studies (CSIS) have issued a report documenting a high rate of cyber attacks against the electric power grids in 14 countries surveyed. Of 200 IT executives questioned, 40 percent thought vulnerabilities had increased, 30 percent thought their companies were not adequately prepared, and 40 percent expected a major attack in the next year.
Four fifths of the respondents said they have faced major denial of service attacks, and a quarter said they have experienced attacks tied to attempts at extortion. Between 60 and 80 percent of the respondents in India and Mexico, the countries most afflicted by extortion, said they had suffered such attacks.
The report, commissioned by McAfee and prepared at CSIS, covered oil, gas, and water infrastructure, as well as electric power systems. It found that China, Italy, and Japan to be best prepared for cyber attacks, but Brazil, France, and Mexico to be lagging. Communication between governments and network operators was found to be wanting in Spain, the United States, and the UK.
There was a general sense that as more sophisticated communications and computing are integrated with power systems, consistent with the smart grid vision, things will get worse before they get better.“What we are learning is the smart grid is not so smart,” said Phyllis Schneck, vice president and chief technology officer for public sector at McAfee. “The fact is that most critical infrastructure systems are not designed with cybersecurity in mind, and organizations need to implement stronger network controls, to avoid being vulnerable to cyberattacks.”
As the Financial Times commented in a story about the McAfee-CSIS report, the findings amplify concerns highlighted by last year's Stuxnet, the ultra-sophisticated cyber weapon that was designed to disable uranium enrichment centrifuges in Iran--and did so--but also penetrated power grids and control systems all over the world, albeirt without doing any damage. A New York Times report discusses efforts in the United States by FERC and NERC to disseminate checklists and establish power industry practices to address cyber threats to the grid.