Hackers Are Inside the Power Plant, Study Says

54 percent of IT professionals surveyed at large infrastructure companies say they’ve been infiltrated. And it’s getting worse.

Security software vendor McAfee and the Center for Strategic and International Studies today released a report at the World Economic Forum that said that 54 percent of security executives interviewed at oil and gas production fields, power plants and other critical installations for a recent survey admitted they've already suffered large-scale attacks from organized crime, terrorists or nation-states. In all, 600 were interviewed for the survey.

Worse, it seems that our critical infrastructure is being guarded by Paul Blart, Mall Cop. 37 percent say that security has become worse in the past year, a casualty of the economy and shrinking corporate budgets. Cuts have been particularly steep in the oil and gas sector. Close to 40 percent expect a major security incident in the next year, while only 45 percent believe that their regional or local authorities are capable of deterring attacks. The average cost estimated for downtime came to $6.3 million per day.

Security is one of the top concerns of the National Institute for Standards and Technology, which wants to solidfy standards for the grid in the next few years, a relatively short amount of time. 

The findings do have to be taken with a grain of salt. Security companies tend to be a bit alarmist when it comes to assessing potential dangers. But it's important to note that it's not just anyone breaking in: some instances of suspected infiltration were linked to criminals and geopolitical rogues. Late last year, one security expert told me that some utilities have even discovered code originating from less-than-friendly nation-states on their servers. Why was it there? They weren't sure, but the utilities were understandably alarmed that it could have gotten there in the first place.

Antivirus vendors like McAfee and Symantec could become major players in green. Security is an issue, but these companies are also adept at monitoring hundreds and thousands of nodes at once and jumping into action at the first sign of a crisis, much like demand response companies.