Welcome
About
News
Anonymous Reporting
Tools
MCA Chatter
Library
V-ID Terminal
Support
My Account

News

Icon representing US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels
US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Icon representing Would you pay $1m for a laptop full of malware?
Would you pay $1m for a laptop full of malware?

May 23rd 2019
Icon representing Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)
Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)

May 22nd 2019
 
 
 

Most UK IT Security Leaders Fear CNI Attack

 
February 27th 2019
Over half of organizations believe the UK is heading for a major attack on critical infrastructure (CNI) this year, with siloed teams causing dangerous security gaps between IT and OT functions, according to Infosecurity Europe.

The region’s leading information security event polled over 12,000 social media followers and its community of CISOs to better understand the challenges facing organizations in CNI sectors.

Some 59% agreed that a CNI attack was imminent in 2019, echoing National Cyber Security Centre (NCSC) boss Ciaran Martin, who said last year that the nation’s first category one (C1) attack was a matter of “when, not if.” WannaCry was rated a C2 incident.

Of equal concern is the fact that organizations seem ill-prepared to deal with such an attack.

Over two thirds (68%) of respondents claimed that security teams in charge of physical and digital systems never collaborate. These siloes can be particularly damaging as IT and OT converge, for example with the proliferation of IoT in heavy industry.

“The increasing convergence of cyber and physical environments is inevitable, but managing them in a cohesive way will strengthen enterprise security,” argued Just Eat CISO, Kevin Fielder.

“Those intent on accessing money, information or IP will often find it easier to do so from the inside – and we’re moving to a world where this can mean immediate impact on life. Hacking a building’s management systems, for example, could suppress a fire alarm or sprinkler system, or prevent people leaving.”

The poll also revealed that just 16% of respondents were aware of the NIS Directive, an EU law now in force which aims to improve baseline security among firms in CNI sectors. Non-compliance could incur fines as high as the GDPR.

“I can’t believe that any cybersecurity leader in a sector impacted by the NIS Directive would be unaware of its implications for their business,” argued Nigel Stanley, CTO of TÜV Rheinland.

“Lack of commitment to secure critical infrastructure is the worst sort of negligence. Forget what the regulators demand — organizations should take the initiative and secure assets based on a proportionate cybersecurity and business-led risk assessment.”

Source

Keywords