Checkpoint Washington
Posted at 08:23 PM ET, 05/16/2012

Survey: Critical sectors less attuned to cyber threat

A new survey out Wednesday finds that the energy and utilities industries rank the lowest when it comes to computer and information security risk management.

The third biennial survey by the Carnegie Mellon University CyLab comes as Congress is considering legislation to mandate cybersecurity measures in critical industries.

The survey of 108 global companies also found that the financial sector had the best risk management practices.

Overall, the statistics are grim.

For instance, although 91 percent of the respondents — all executive board or senior executive officials — indicated that risk management was being actively addressed, only 29 percent said they were paying attention to information technology operations, 33 percent to computer and information security and only 13 percent to management of vendors who provide software and other crucial services, the study found.

The lack of attention paid to security risk management by the energy and utility sectors is disturbing given the degree to which operations and processes are controlled by information technology systems, the report said.

In a comparison of industries, the study found that 57 percent of energy and utility company executives who responded rarely or never reviewed security program assessments. That compares with 17 percent for the financial sector.

John Dickson, a principal at Denim Group and a cybersecurity expert who works closely with Fortune 500 companies, said the results are consistent with what he has seen in industry. Although the financial sector generally has better security, he said, the threats those firms face come from criminals based in Eastern Europe. What concerns him are the “nation-state guys” going after the electric and other utilities, who have greater capabilities to disrupt, damage or destroy networks and the information in them, he said.


    © 2011 The Washington Post Company