Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey

Ed Kovacs at SecurityWeek reported on something that is one of the few things that keep me "awake at night":

"Representatives of the utilities industry believe the risk of cyberattacks on the sector has increased and many expect an attack on critical infrastructure in the next year, according to a study conducted by Siemens and the Ponemon Institute.

The study is based on a survey of over 1,700 individuals working in the utilities sector in North America, Latin America, Europe, the Middle East, and the Asia-Pacific region. The respondents included technicians, managers, directors, supervisors and senior executives.

A majority of respondents believe that cyber threats pose a greater risk to their Operational Technology (OT) systems than to information technology (IT) systems. Nearly two-thirds view sophisticated cyberattacks as a top challenge and 56% have reported being hit by at least one attack involving loss of private information or an outage in their OT environment in the past year. Four percent of respondents said they had experienced 10 or more such incidents.

Over half of respondents expect a cyberattack on critical infrastructure in the next year, but those who took part in the study believe that 30% of attacks on OT systems are not detected.

The utilities industry is mainly concerned that a cyberattack could result in a significant environmental incident, that it can result in the theft of confidential information, and that equipment can be damaged. However, insiders account for a majority of attacks on OT systems, report here." Full Story at SecurityWeek: 

https://www.securityweek.com/many-utilities-sector-expect-attacks-critical-infrastructure-survey