Consumer Electronics Daily was a Warren News publication.

Critical Infrastructure Threatened by Cyber-Attackers

January 29, 2010 |Miscellaneous

Critical infrastructure systems worldwide are the targets of repeated cyber-attacks, said a study by PC security provider McAfee commissioned by the Center for Strategic and International Studies. Officials from the Department of Homeland Security proposed partnerships with the private sector and cross-sector coordination, during a panel Thursday, when the report was released.

More than half of the world’s critical infrastructure companies have been the target of cyber-attacks, said the McAfee study, which surveyed some 600 IT and security executives from the energy, transport, water and sewage, government, telecom and financial sectors in 14 countries. “The threat is real and preparedness is spotty,” said Stewart Baker, a partner with Steptoe & Johnson and study director. The executives surveyed saw people in the U.S. and China as the most worrisome cyber-attackers: The U.S. was rated most aggressive by 36 percent of executives, followed by China at 33 percent. The oil and gas sector stands out as a major target, the study said, reporting more Ghostnet-style infiltration than any other sector. But the sector has seen the second highest recession-driven cost cuts in cybersecurity resources, it said.

Baker pointed to survey findings that 20 percent of respondents reported extortion attempts. In the U.S., U.K. and Germany, only 10 percent said that, but in India, 40 percent reported extortion. Adoption of security measures lags behind the threat: Basic key security measures aren’t widely adopted and measure adoption rates vary widely by country, the report said, saying China leads in security measure adoption.

Without partnering with the private sector, “it would be difficult for the federal agencies to achieve much of anything,” said Asha Mathew, senior council for the Senate Committee on Homeland Security and Governmental Affairs. Critical infrastructure has a high dependency on cybersystems, said Sue Armstrong, deputy assistant secretary for infrastructure protection at the Department of Homeland Security. “We need to push public-private partnership” because cybersecurity is a shared responsibility, she said. The department’s looking at ways to share “really meaningful information” with the industry, said Jenny Menna, director of Cyber Protection & Awareness at Homeland Security.

But partnering with the government could be a challenge due to various different local and federal regulations and rules, said Adam Rice, chief security officer at Tata Communications. The ISP, operating networks worldwide, believes sharing data with the government would be helpful, he said. But in exchange, companies would like to get cyberthreat information from the government so they can apply limited resources to avoid potential attacks, he said. Education and awareness are critical component of any cybersecurity efforts, said Phyllis Schneck, a McAfee vice president. -- Yu-Ting Wang

State of Net Conference Notes …

The use of social media in tech policy fosters citizen participation in rulemaking and other processes, said speakers at the State of the Net Conference. Effective online communication is about “offering something that people can engage with in the right moment so they can feel like they're empowered,” said Jonah Seiger, co-founder of Connections Media. “Channeling that emotion can make a difference.” More citizens are involving themselves in government, said FCC Managing Director Steven VanRoekel. The commission received more than 120,000 comments about net neutrality through its openinternet.gov Web site. Social media “is enlightening the direction we're heading in,” he said. “It’s bringing up a lot of substantive issues that we could never respond to in public and how to shape these rules. … In the next 18 months you'll probably see a lot of federal agencies dialing this up.”