Half of critical private networks hit by political cyber attacks

By Gautham Nagesh – 10/06/10 09:47 AM ET

Half of the companies that provide critical infrastructure such as utilities or communication services have experienced politically motivated cyber attacks, according to a new report from Symantec.

survey of critical infrastructure providers found 53 percent suspected they had experienced an attack with a specific political goal in mind. The companies affected reported being attacked an average of 10 times over the past five years. Half said they expect another attack in the next year and 80 percent believe the attacks are becoming more frequent. The respondents said the majority of the attacks were somewhat to extremely effective and cost firms an average of $850,000 each.

“Critical infrastructure protection is not just a government issue. In countries where the majority of a nation’s critical infrastructure is owned by private corporations, in addition to large enterprises, there is also the presence of small and medium-sized businesses,” said Symantec chief information security officer Justin Somaini.

Somaini cited the Stuxnet virus, which has disabled physical security features at factories around the globe in recent months, as evidence that the threat to private networks is evolving. The survey also showed the energy industry is most ready for an attack, while the communications industry was least prepared.

“Security alone is not enough for critical infrastructure providers of all sizes to withstand today’s cyber attacks,” Somaini said. “The Stuxnet worm that is targeting energy companies around the world represents the advanced kind of threats that require security, storage and backup solutions, along with authentication and access-control processes to be in place for true network resiliency.”

Protecting the nation’s critical infrastructure from cyber attacks is an increasing priority for the Obama administration, which asserts it already has the right to act to protect private-sector networks in the event of a catastrophic cyber attack that could cost significant loss of life or financial damage under a little-used clause in the Communications Act passed in the wake of the Japanese bombing of Pearl Harbor in December 1941.

For more, visit TheHill.com

Comments are closed.