Insufficient SecurityWhen an energy company applies for cyber-attack cover, its current systems are audited in order to determine the level of risk that the insurance underwriter will be exposed to. If current security measures are deemed insufficient, insurance cover will not be granted. Unfortunately, the state of the power industry is one where insufficient security is the norm. According to the BBC, the biggest problem is with outdated software created to manage power utilities long before the Internet reached worldwide dominance. One of the main pieces of management software now being used, known as Supervisory Control and Data Acquisition (SCADA), provides far too many loopholes for hackers thanks to insufficient networking defences. Closing those loopholes is a nearly insurmountable task due to the age of the software. Making matters worse is the drive to link multiple power stations to a single, remote control centre via Internet connections. Treated individually, security management would be fairly straightforward and highly successful. Nevertheless, once Internet connections are involved, every power station linked to the system becomes vulnerable. Until the energy sector can address these serious security concerns, getting insurance is going to be challenging.
A Larger IssueIn our minds, the insurance troubles being experienced by the energy sector leads to questions of a larger issue. What is that larger issue? It is one of similar security concerns across nearly every sector where companies and stakeholders are still using outdated software and hardware without the capability to defend against large-scale cyber-attacks. In other words, this issue is not limited only to energy companies. While it's true the average data centre is more than equipped to handle even the most serious cyber-attacks, what about small companies with multiple locations connected to a central networking hub? From the car repair chain to an attorney with multiple urban locations, any business or organisation that has not given serious consideration to upgrading computer systems could find itself at risk. The threat of cyber-attacks is no longer something of films and night-time television. It is very real. Any entity utilising Internet connections of any type needs to take it seriously if it wants to protect itself, insurance cover notwithstanding.
Source: BBC – http://www.bbc.com/news/technology-26358042