Dive Brief:

• 67% of utility, oil and gas, alternative energy, and manufacturing sector companies report “at least one security compromise that led to the loss of confidential information or disruption to operations” in the past year, according to Critical Infrastructure: Security Preparedness and Maturity from the Poneman Institute and Unisys Corporation.
• 64% want to prevent or anticipate attacks, though only 28% make security a top five priority. 
• While 47% of the security breaches occurred because of negligent employees, only 6% of the companies provide cybersecurity training for employees, and only 17% have reached the “mature” level of cybersecurity that is defined by the survey of 599 IT security executives in 13 countries.

Dive Insight:

Barriers to critical infrastructure security develop because of the competing interests of old technology and new cyber threats, government regulation and company motivation, and cost and security.

The 16 critical U.S. infrastructure sectors are all regulated under the February 2014 National Cybersecurity Framework, a set of the best security practices.

Over half of the companies surveyed (54%) face the double-edged dilemma of being unsure about their ability to upgrade cost-effectively without compromising security, which in turn leaves security compromised.

According to The Internet of Things, it will be “theoretically possible to attack smart fridges and televisions, remotely unlock prison gates, set printers on fire, or control heating and lighting.”

Attacks on critical infrastructure are often driven not by profit but by geopolitical ambitions.