Control Engineering 2016 Cyber Security Study
Six cyber security key findings
Respondents to the Control Engineering 2016 Cyber Security Study identified six high-level findings impacting control systems today:
- Threat levels: Forty-eight percent of respondents perceive their control systems to be moderately threatened by cyber attacks, while 25% say theirs are highly threatened and 9% are at a severe threat level.
- Most concerning threat: Malware from a random source is the most concerning control system threat for 37% of respondents. Another 21% are worried about an attack through a vulnerable device, and 17% fear theft of intellectual property or attacks as part of a larger attempt to disrupt critical infrastructure.
- Vulnerable system components: The top most vulnerable system components within respondents’ organizations are computer assets running commercial operating systems (70%), network devices (68%), and connections to other internal systems (64%).
- Vulnerability assessments: Twenty-six percent of respondents reported that their organizations have performed some type of vulnerability assessment within the past 3 months. The average facility has checked their vulnerabilities within the past 8 months.
- Cyber-related incidents: Six in 10 respondents have experienced a malicious cyber incident into their control system networks and/or control system cyber assets—that they are aware of—within the past 24 months. Forty-six percent of these attacks were accidental infections, 18% were targeted in nature, and 36% were both accidental and targeted.
- Mobile devices: Thirty-two percent of organizations do not allow mobile devices—such as smart phones and tablets—to connect to networks or enter work areas. Of the facilities that do allow mobile device use, 47% allow them to connect to networks and enter work areas.