Hackers target US infrastructure after digitisation on the cheap
Just a quarter of companies in traditional infrastructure businesses, including oil and gas, utilities and healthcare, are properly braced for an attack, estimated Matias Katz, chief executive of the cyber security group Byos. A recent survey by Siemens found that just 31 per cent of utilities felt well prepared to respond to a breach.
“The problem is that attacks move a lot faster than industries that are quote-unquote ‘old school’ are used to moving,” Katz said. “So, the speeds are different, and before slower-moving industries can catch on, there’s already a new attack out there and new threats.”
But reconfiguring traditional security systems to account for the ever-changing nature of cyber threats is costly. Padraic O’Reilly, an infrastructure cyber security adviser and co-founder of the cyber risk firm CyberSaint, said companies needed to avoid “patching” or “snapping on” security systems and rather transition into newer systems where security had been built in, and “the problem with that is that it’s very expensive”, he said.
Pipeline infrastructure is largely operated by private capital, meaning there is often a drive to cut costs where possible.
“Over time, as we get more financially based players investing in energy infrastructure, replacing energy companies themselves, the higher the impulse will be to cut costs,” said Amy Myers Jaffe, a professor at Tufts University’s Fletcher School and author of the book Energy’s Digital Future. “And that will be dangerous if cutting costs are done without enough care to the huge requirements for security.”