Overall, 71 percent of respondents in the oil-and-gas industry reported stealthy-infiltration, compared with 54 percent of respondents in other sectors. The CSIS survey also found distributed DoS attacks were "particularly severe" in the energy/power and water/sewage sectors, where attacks were usually aimed at computer-based operational control systems, like SCADA.
When it comes to cyber attacks overall, the CSIS report indicates that "national factors are more significant than sector or industry-specific ones in determining attack rates." Specifically, the countries where the highest rates of cyber attacks were reported include India, France, Spain, and Brazil.
Respondents said that 24 hours of downtime from a major attack would cost about $6 million per day and in some sectors, such as oil and gas, exceed $8 million per day. Two-thirds of the respondents said the resources they had to protect their organizations networks was either "completely" or "mostly adequate," but one-third indicated resources were "inadequate" or just "somewhat adequate."
One-third of the respondents expressed the view that their own sector was either "not at all prepared" or "not very prepared" to deal with attacks or infiltration by high-level adversaries. Response varied a lot by country; 90 percent of executives in Saudi Arabia said their sector wasn't prepared, though 78 percent of the respondents in Germany were the most confident about preparedness.
The survey determined that China had the highest security adoption rate at 62 percent, ahead of the United States, United Kingdom, and Australia, with 50 percent to 53 percent. Italy, Spain, and India had the lowest security adoption rate at fewer than 40 percent. Security adoption was defined as a wide range of practices and technologies, from regular patching to use of encryption to security information and event management systems.
Chinese executives also showed the highest level of cooperation and support for their government's cyber security stance in terms of regulation and defensive posture. The study also reveals some trepidation about the United States in terms of the potential for government-sponsored cyber attacks; executives from many nations, including many U.S. allies, rank the United States as the country "of greatest concern" in terms of foreign cyber attacks, just ahead of China.
In total, 45 percent of the respondents believe their governments are either "not very" or "not at all" capable of preventing and deterring attacks.
The CSIS study also asked which countries appear most vulnerable, and 80 percent of respondents in China cited the United States as one of the three most vulnerable nations because it is very dependent on computer networks. The United States and China were also seen by the survey's respondents as the "likely attackers in a cyber war." The United States was viewed as the "most worrisome potential aggressor" by majorities of executives in some countries, including China, Brazil, Spain, Mexico and Russia.
The CSIS survey was conducted in September 2009 and carried out by U.K.-based market research firm Vanson Bourne and sponsored by McAfee.
This story, "DDoS attacks, network hacks rampant in oil and gas industry, other infrastructure sectors," was originally published at NetworkWorld.com. Follow the latest developments in security at Network World.