Control Engineering 2014 Cyber Security Study

Cyber threats to control systems are high, frequencies of vulnerability assessments are low, and many organizations are lacking a capable cyber incident response team. Are your systems at risk?

04/15/2014


In February 2014, Control Engineering surveyed members of their audience who are directly involved in aspects of control system cyber security within their organizations. The 2014 Cyber Security study asked key questions on cyber security practices, including perceived threat levels, system vulnerability, and recent cyber-related incidents.

Figure 1: More than one-quarter of respondents perceive their organization's control system cyber security threat level to be high or severe. Source: Control Engineering 2014 Cyber Security studyIn general, nearly half of respondents perceive the control system threat within their organizations to be at a moderate level, but 1 in 4 cite a "high" or "severe" threat level in their systems.

Malware from a random source with no specific connection to respondents' respective companies or industries was cited as the most threatening type of cyber-related incident that a control system could experience.

The top three system components respondents are most concerned about are:

  1. Computer assets that are running commercial operating systems
  2. Connections to other internal systems
  3. Network devices.

On the other hand, cyber threats don't seem to be much of a concern on embedded controllers and connections to the field SCADA network.

Systems vulnerability

When asked about the last time their organization performed any type of vulnerability assessment, one-third of respondents said an evaluation was performed within the past six months, 29% said within the past 12 months, 15% said within the past 18 to 24 months, and an alarming 24% said never.

Figure 2: Thirty-three percent of respondents cited that their organization performed its most recent vulnerability assessment within the past six months. Source: Control Engineering 2014 Cyber Security studyOf the respondents who indicated that their organization has never performed a vulnerability assessment, 33% have been aware of between 1 and 5 malicious cyber incidents in their control system networks and/or control system cyber assets in the last 24 months. One-third of these incidents were declared as accidental infections, while 20% were targeted in nature, and 47% were a combination of targeted and accidental.

Only 25% of all respondents indicated that their organization’s computer emergency response team appears well trained and capable to detect and respond to cyber-related incidents. Nearly half said either such a team does not exist at their organization, or the existing team is not properly trained to identify and react to these attacks.

Here is where the problem may lie: 71% of organizations are teaching their employees about who to contact in the event of a cyber incident or attack, but not how to properly respond in such a scenario.

Forty-one percent of respondents agreed that having industry-required standards without government involvement would improve or enable their efforts to implement proper control system cyber security controls, while 21% said that no outside involvement would help at all.

Access the full Control Engineering 2014 Cyber Security report with additional findings and insights.

- Amanda McLeman is director of research at CFE Media, Control Engineering.



No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2015 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
2017 Lubrication Guide; Software tools; Microgrids and energy strategies; Use robots effectively
Prescriptive maintenance; Hannover Messe 2017 recap; Reduce welding errors
Safety standards and electrical test instruments; Product of the Year winners; Easy and safe electrical design
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Diagnostic functions for system safety; Specifying industrial enclosures; Effective decision support for a crisis
Transformers; Electrical system design; Selecting and sizing transformers; Grounded and ungrounded system design, Paralleling generator systems
Natural gas for tomorrow's fleets; Colleges and universities moving to CHP; Power and steam and frozen foods

Annual Salary Survey

Before the calendar turned, 2016 already had the makings of a pivotal year for manufacturing, and for the world.

There were the big events for the year, including the United States as Partner Country at Hannover Messe in April and the 2016 International Manufacturing Technology Show in Chicago in September. There's also the matter of the U.S. presidential elections in November, which promise to shape policy in manufacturing for years to come.

But the year started with global economic turmoil, as a slowdown in Chinese manufacturing triggered a worldwide stock hiccup that sent values plummeting. The continued plunge in world oil prices has resulted in a slowdown in exploration and, by extension, the manufacture of exploration equipment.

Read more: 2015 Salary Survey

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.
The maintenance journey has been a long, slow trek for most manufacturers and has gone from preventive maintenance to predictive maintenance.
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.
Maintenance Manager; California Oils Corp.
Associate, Electrical Engineering; Wood Harbinger
Control Systems Engineer; Robert Bosch Corp.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me