Cyber attacks at U.S. energy companies

LogLogic released a report detailing information about IT security industry benchmarks and best practices for the energy sector as practiced by security professionals from a variety of energy and utilities companies throughout the United States.

The report covers best practices around measuring security effectiveness and security spending as well as common challenges around regulatory compliance.

“Ever since cyberspies hacked the U.S. electrical grid earlier this year, businesses have become increasingly aware that a security breach at an energy company that results in a major blackout has the potential to wreak havoc,” said Pat Sueltz, CEO at LogLogic. “We talked to leading information security professionals in the energy sector to find out how they determine the level of risk they carry and architect their security infrastructures to fortify against both internal and external attacks.”

The study surveyed information security professionals from a broad spectrum of energy corporations and government organizations ranging from less than $99 million to more than $1 billion in annual revenue. Of the respondents, two-thirds field more than 75 serious security vulnerabilities each week, with half resolving more than 150 attacks per week.

The report also uncovered sentiment that regulatory compliance in the energy sector is not seen as adequate enough to keep businesses secure.

When asked about challenges associated with the North American Electric Reliability Corporation (NERC), one manager of IT security said, “NERC doesn’t clearly outline the definition of roles and responsibilities, nor the definition of what cyber security actually is. There is still confusion around this, and we’re still managing through that.”