The BBC reported late
last week about a troubling trend plaguing the nation's power companies: these
are increasingly applying for insurance cover against cyber-attacks but are being
turned away in large numbers. According
to the BBC, the main problem power companies are encountering is that insurance
company audits that show their cyber defences are too weak, thus exposing
underwriters to unreasonable risk.
Lloyd's of London told
the BBC that it has experienced a recent surge in the demand for cyber-attack
cover among energy sector companies. No reason was given for the surge, but
some believe increased threats from the cyber terrorism community are partly to
blame. Energy companies afraid of computer
and infrastructure damage relating to a cyber-attack might be hoping to lean on
insurance should a devastating attack occur.
Insufficient Security
When an energy company
applies for cyber-attack cover, its current systems are audited in order to determine
the level of risk that the insurance underwriter will be exposed to. If current security measures are deemed
insufficient, insurance cover will not be granted. Unfortunately, the state of the power industry
is one where insufficient security is the norm.
According to the BBC, the
biggest problem is with outdated software created to manage power utilities
long before the Internet reached worldwide dominance. One of the main pieces of management software
now being used, known as Supervisory Control and Data Acquisition (SCADA),
provides far too many loopholes for hackers thanks to insufficient networking defences.
Closing those loopholes is a nearly
insurmountable task due to the age of the software.
Making matters worse is
the drive to link multiple power stations to a single, remote control centre
via Internet connections. Treated
individually, security management would be fairly straightforward and highly
successful. Nevertheless, once Internet
connections are involved, every power station linked to the system becomes
vulnerable. Until the energy sector can
address these serious security concerns, getting insurance is going to be
challenging.
A Larger Issue
In our minds, the
insurance troubles being experienced by the energy sector leads to questions of
a larger issue. What is that larger
issue? It is one of similar security
concerns across nearly every sector where companies and stakeholders are still
using outdated software and hardware without the capability to defend against
large-scale cyber-attacks. In other
words, this issue is not limited only to energy companies.
While it's true the
average data centre is more than equipped to handle even the most serious cyber-attacks,
what about small companies with multiple locations connected to a central
networking hub? From the car repair
chain to an attorney with multiple urban locations, any business or
organisation that has not given serious consideration to upgrading computer
systems could find itself at risk.
The threat of cyber-attacks
is no longer something of films and night-time television. It is very real. Any entity utilising Internet connections of
any type needs to take it seriously if it wants to protect itself, insurance
cover notwithstanding.
Source: BBC – http://www.bbc.com/news/technology-26358042
No comments:
Post a Comment