Critical Infrastructure Facing Increased Cyber Risk

October 21, 2013

The nation’s critical infrastructure is coming under increased pressure to protect their vital systems and assets from outside cyber threats as the number of attacks increase and stronger regulations are imposed.

Nowhere is the growing threat more apparent than within the power and utilities industry, which faces more cyber attacks than any other critical infrastructure sector, according to Department of Homeland Security (DHS) data.

In its latest Marsh Risk Management Research briefing Securing Power, Utilities, and Other Critical Infrastructure from Growing Cyber Risks, Marsh examines the growing cyber threat to the US power grid and other infrastructure facilities; the evolving regulatory landscape; and steps utilities and other facilities can take to better protect their data and assets.

Of the more than 200 cyber incidents investigated by the DHS’ Industrial Control Systems Cyber Emergency Response Team between October 2012 and May 2013, 54% occurred within the energy sector, far surpassing any other critical infrastructure sector.

“A power grid interruption as a result of a cyber attack has the potential to cost utilities and other infrastructure facilities millions of dollars in lost revenue, regulatory fines, and additional expenses to restore operations and to improve cyber securities defenses, not to mention reputational damage,” said Matt McCabe, a senior advisory specialist within Marsh’s Network Security and Privacy Practice. “The incidents have also prompted the federal government to propose stronger cyber security practices for utilities and other infrastructure owners and operators.”

Mitigating the risks related to sophisticated cyber attacks while navigating an increasingly complex regulatory environment is not an easy task, but there are steps utilities and other facilities can take to better protect their data and assets, Marsh said.

In addition to industry-specific cyber insurance solutions, critical infrastructure facilities should focus on employee training; engage in system penetration testing and periodic threat assessment reviews; develop and test continuity plans; and review and update procedures and responsibilities for gathering and processing claims information in the event of a loss, Marsh said.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

Critical Infrastructure Facing Increased Cyber Risk

Related Articles

Related Products

Report Abusive Comment