Critical infrastructures under attack, warns McAfee

Hacking attacks on critical infrastructures are happening all the time, says McAfee

Attacks on critical infrastructure IT systems are widespread and growing in frequency, and could cost over $6m (£3.7m) a day on average, according to a detailed new report from security giant McAfee launched today.

In the Crossfire: Critical Infrastructure in the Age of Cyberwar is one of the most in-depth reports of its kind in the security area. McAfee surveyed over 600 professionals responsible for critical infrastructure protection across seven sectors in 14 countries, and commissioned think-tank the Centre for Strategic and International Studies to conduct additional qualitative research to compile the report.

Nearly 60 per cent of respondents believe that foreign governments have been involved in cyber attacks against critical infrastructure in their country, while a third had actually suffered large-scale distributed denial-of-service attacks several times a month, most of which had an impact on operations.

In addition, a third believe that the threat to critical infrastructures is growing, and two-fifths expect a major security incident within the next year. Infections with viruses or malware was the most commonly reported form of attack, while "theft-of-service" was perceived as the most common motivation for attack. The most common target is financial information.

Yet many countries appear woefully unprepared for such attacks, according to the report. Over a third described their resources as 'inadequate' or 'somewhat adequate'.

McAfee's chief technology officer, George Kurtz, said that much of the problem lies with the fact that most critical infrastructures are run by the private sector, so the motivation for securing them is not as high as it should be.

"The private sector is financially motivated, and governments are motivated by security and the national interest, and these two sides can't always be reconciled," he argued in an interview with V3.co.uk.

"One way of going forward is if the government could provide tax incentives to critical infrastructure companies to secure and upgrade their systems. Governments also need to hold these firms accountable and be prescriptive in the security measures they need to adopt. They need to find a way of clearly measuring security and risk equally across departments."

The report comes just a fortnight after it was revealed that Google and at least 20 other firms had been hit by a sophisticated and possibly state-sponsored attack originating from China.