
Three-fifths of industrial control industries have not deployed security configuration management, claim

Tripwire : 19 November, 2013  (Technical Article)
Tripwire has announced the results of research comparing risk-based security management in the industrial sector to that of other industries.
The survey, conducted in April 2013 with the Ponemon Institute and announced at the Eighth Annual American Petroleum Institute Cybersecurity Conference, evaluated the attitudes of 1320 respondents from IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management. 108 industrial sector respondents from the US and UK participated in the industrial controls portion of the survey.
Key findings included:
  • 51% use formal risk assessments to identify security risks – five percent higher than the survey average
  • 86% believe minimizing noncompliance with laws and regulations helps meet certain business objectives – five percent higher than the survey average
  • 43% measure the reduction in unplanned system downtime to assess the effectiveness of cost-containment management efforts, differing from the survey average of 38 percent
  • 52% listed the “flow of upstream communications” as one of the top three features most critical to the success of a risk-based security management approach – an 8% increase over the survey average of 46%
However, the study revealed that the industrial sector is less effective than other industries in deploying risk management controls and communicating effectively about security. Additional findings included:
  • Only 40% have fully or partially deployed security configuration management, differing from the survey average of 49%
  • 75% have fully or partially deployed system hardening, 5% lower than the survey average of 80%
  • 69% said security communications are contained in only one department or line of business, differing from the survey average of 63%
  • 67% said security communications occur at too low a level, differing from the survey average of 62%
  • Only 56% listed an “openness to challenge assumptions” as one of the top three features most critical to the success of a risk-based security management approach. This was 6% lower than the survey average of 62%
“With the rapid escalation of critical infrastructure cybersecurity threats, industrial control organisations have a lot to do,” said Dwayne Melancon, chief technology officer for Tripwire. “It is encouraging that they are embracing a risk-based view of their operations at a higher than average rate, but this is not enough to protect them against determined attackers. It is imperative for this sector to get a handle on system hardening and configuration management practices to improve security and reliability. Even though industrial sector organizations are actively considering security risks, they must also improve their willingness to elevate key risks to the executive level. Security risks must be considered in context with overall business risk or the entire organization’s success will be in jeopardy.”
  • The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organisations in a variety of industries.