Cyber-Security Environment For Critical Infrastructure ‘Growing More Hostile’


Executives involved in running critical infrastructure said they feel government has a ‘critical’ role in cyber-security

Executives from organisations maintaining critical infrastructure feel the government has a role in protecting such systems, according to a new Intel Security study, which found that 86 percent of respondents felt cooperation between the public and private sectors was “critical” to protecting cyber infrastructure.

The study, conducted by Vanson Bourne on behalf of Intel Security and the Aspen Institute, was based on a survey of 625 IT security decision makers in sectors including energy, transport, finance and government in France, Germany, the United Kingdom and the United States.

National response

cyber securityThe executives were confident in their existing security systems, with more than four in five saying they were “satisfied” or “extremely satisfied” with the performance of tools such as endpoint protection, network firewalls and secure web gateways, but 72 percent said the cybersecurity threat level in their organisation was escalating.

Almost nine in ten (89 percent) said there had been at least one attack on their systems over the past three years, with a median of close to 20 attacks per year.

The study found support for national cyber-defence forces capable of responding to online attacks, with 76 percent saying they believe such a force should respond when an attack damages a critical infrastructure company within national borders.

The issue of a national cyber-response apparatus has gained a new prominence in the US in recent months, following a recent attack that resulted in the theft of millions of US government personnel records, with senior US government officials urging the government to establish a clear protocol for how it responds to cyber-attacks, and James Clapper, director of US national intelligence, saying that such a protocol would establish a “red line”.

User vulnerability

The increasing focus on cyber-security means the organisations surveyed believe their own vulnerability has decreased over the past three years – 50 percent said they would have considered their organisation “very or extremely” vulnerable three years ago, with only 27 percent saying the organisation is “very or extremely” vulnerable at the present time.

However, no matter how strong security is built, respondents said they believe individual users remain the top point of vulnerability, potentially exposing organisations by valling victim to scam emails, social engineering techniques or drive-by browser downloads.

“This data raises new and vital questions about how public and private interests can best join forces to mitigate and defend against cyberattacks,” said Clark Kent Ervin, director of Aspen Institute’s Homeland Security Programme, in a statement. “This issue must be addressed by policymakers and corporate leaders alike.”

Last year business secretary Vince Cable also emphasised the need for industry to work together with government to protect critical infrastructure.

“Cyber attacks are a serious and growing threat to British businesses, but it is particularly important that those industries providing essential services such as power, telecommunications and banking are adequately protected to avoid disruption to our everyday lives,” Cable said. “We can only achieve this objective through a partnership between government, the regulators and industry.”

Are you a security pro? Try our quiz!