When the term “critical infrastructure” is mentioned in conversation, thoughts immediately turn to things like electrical power plants, oil and gas pipelines, food, water, etc. You know, the foundational services of modern life that we all take for granted. These are the same industries that former Defense Secretary Leon Panetta was referring to when he warned of the possibility of a “cyber-Pearl Harbor” back in 2012. Panetta stated:
“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical (railroad) switches…they could derail passenger trains or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities or shut down the power grid across large parts of the country.”
While some experts dismiss the concept of a cyber-Pearl Harbor, few would dispute that U.S. critical infrastructure organizations are under attack. According to ESG research, 68% of critical infrastructure organizations have experienced one or several security incidents over the past two years, and many of these events led to the disruption of critical applications, business processes, or operations (note: I am an ESG analyst).
Given this risk, you’d think that critical infrastructure organizations would do all they can to harden their IT and operational technology infrastructure and only buy products and services from vendors that take cybersecurity seriously. Unfortunately, this doesn’t appear to be the case. According to ESG research, an astonishing 58% of critical infrastructure organizations use products or services from IT vendors whose products and/or services come with some type of security risk.
from critical infrastructure alliance http://ift.tt/1WMwla5