


Contributing Writer

U.S. critical infrastructure under cyber attack

Sep 29, 2015 | 3 mins
Cybercrime, Data and Information Security, IT Leadership

Majority of critical infrastructure organizations have experienced damaging and costly incidents over the past two years

ESG recently published a new research report titled, Cyber Supply Chain Security Revisited, focused on cyber supply chain security practices and challenges at U.S.-based critical infrastructure organizations (note: I am an ESG employee).  The term “critical infrastructure” is associated with 16 industries designated by the U.S. Department of Homeland Security (DHS), “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof” (source: DHS).

Some experts believe that a cyber-attack on one or several critical infrastructure organizations could result in a “Cyber Pearl Harbor,” disrupting society and the economy for weeks or months.  This places critical industry organizations firmly in the national security bucket.

Are these firms really being targeted?  Yup.  ESG research reveals that 68% of the critical infrastructure organizations surveyed claim that they experienced one or several security incidents over the past two years.  As for the ramifications of these security incidents:

  • 36% of critical infrastructure organizations say that cybersecurity incidents led to the disruption of a critical business process and/or critical operations.  These disruptions could range from ATM network outages to offline clinical systems or a power failure – serious stuff.
  • 36% of critical infrastructure organizations say that cybersecurity incidents led to the disruption of a critical business application or IT system availability.  These disruptions could include airline reservation systems, hospital information systems, or SCADA systems.  Once again, these types of disruptions can wreak havoc for hours or days on end.
  • 32% of critical infrastructure organizations say that cybersecurity incidents led to a breach of confidential data.  This data could be banking customer information, patient records, or top secret design documents of military systems.  It’s pretty obvious that the bad guys are stealing our data for criminal gains or industrial espionage. 

The ESG research clearly indicates that critical infrastructure organizations are in a state of constant cyber-attack.  Alarmingly, 67% of cybersecurity experts working at critical infrastructure organizations also believe that the threat landscape is more dangerous today than it was two years ago, so things are likely to get worse and worse.  It remains unclear whether this could lead to a Cyber Pearl Harbor, but there’s no doubt that cyber-attacks are disrupting critical services and costing us all a lot of money. Hmm, maybe the presidential candidates should pay more attention to cybersecurity and critical infrastructure and do less jawboning about each other’s bank accounts and looks.

I’ll continue to blog about my cyber supply chain security research over the next few weeks and months.  In the meantime, ESG has made the report available for free download here.  Your feedback on the report is welcome. 


Jon Oltsik is a distinguished analyst, fellow, and the founder of ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
