Two-Thirds of Energy Sector IT Professionals Lack Visibility into Cyber Attacks that Cause Physical Damage

1730 1

Only 35 percent of energy IT professionals accurately track all threats targeting their operational technology

Tripwire, Inc., a leading global provider of advanced threat, security and compliance solutions, announced the results of a study conducted for Tripwire by Dimensional Research on the cyber security challenges faced by organizations in the energy sector. The study was carried out in November 2015, and respondents included over 150 IT professionals in the energy, utilities, and oil and gas industries.

According to Tripwire’s study, eighty-two percent of the respondents said a cyber attack on the operational technology (OT) in their organization could cause physical damage. However, when asked if their organization has the ability to accurately track all the threats targeting their OT networks, sixty-five percent replied, “no.”

Additional findings from the study include:

  • More than three out of four respondents (seventy-six percent) believe their organizations are targets for cyber attacks that could cause physical damage.
  • Seventy-eight percent of respondents said their organizations are potential targets for nation-state cyber attacks.
  • One-hundred percent of energy executive respondents believe a kinetic cyber attack on operational technology would cause physical damage.

“The incredibly high percentages of these responses underscores the need for these industries to take material steps to improve cyber security,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “These threats are not going away. They are getting worse.”

According to the Department of Homeland Security, the energy sector faces more cyber attacks than any other industry, and attacks on industrial control system networks are on the rise. If successful, these energy sector cyber attacks could have a dramatic physical impact. In December 2015, BlackEnergy malware was used in an attack against a power plant in the Ukraine and left over 700,000 customers without electricity.

Erlin continued: “We’ve already seen the reality of these responses in the Ukraine mere months after this survey was completed. There can be no doubt that there is a physical safety risk from cyber attacks targeting the energy industry today. While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber attacks.”

About Tripwire
Tripwire logoTripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.

In this article