McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business HomeAbout UsNewsroomNews Archive

McAfee Inc. Provides Guidance to Improve Critical Infrastructure Security

Breach of Electric Grid Serves As “Wake-up Call,” Critical Infrastructure Vulnerabilities Are Spread Far And Wide

SANTA CLARA, Calif., April 09, 2009 - Recent reports that the US electrical grid has been penetrated by spies from China and Russia has prompted security experts from McAfee, Inc. (NYSE:MFE) to issue a warning and advice to organizations tasked with protecting the nation’s critical infrastructures. Former national security officials have said that cyberspies penetrated the electrical grid and have left behind software programs that could disrupt the system.

“This is a serious wake-up call about a clear threat to our nation’s essential public services,” said Phyllis Schneck, vice president of threat intelligence for McAfee. “The electric grid is crucial to the health and welfare of the global public, economy and communications, and protecting the security of the cyber systems that run the grid is of the utmost importance. Unfortunately, this is not the first time these types of breaches have occurred. Systems such as the electric grid are especially vulnerable because they were built for reliability and availability and now we are retrofitting security into massively connected, intricate systems.”

Infrastructure Threats are Not New
The disclosure of electrical grid vulnerabilities confirms what McAfee® experts have said for some time. Traditionally, critical networks have had little to no cyber protection, and have relied on physical protection from guards, gates and guns. Today these networks are being expanded to provide remote monitoring and management and are linked up to corporate networks, opening doors for attackers.

In a study released in November 2008, more than 50 percent of respondents said that utilities, oil and gas, transportation, telecommunications, chemical, emergency services and postal/shipping industries were not prepared for a cyberattack. The McAfee study surveyed 199 international security experts and other industry insiders from utilities, oil and gas, financial services, government, telecommunications, transportation and other critical infrastructure industries.

What Organizations Should Do to Protect Critical Infrastructures
Organizations, particularly energy companies, need to establish multi-function task forces that include IT staff and security experts. McAfee recommends that critical infrastructure asset owners and operators take five steps towards greater cybersecurity:

  • Performing ongoing vulnerability assessments
  • Vigilant monitoring of network automation and control systems
  • Sharing information about threats and attacks through the industry Information Sharing and Analysis Centers (ISACs) such as the electricity sector ISAC and up the chain of command within organizations
  • Taking a proactive approach utilizing global threat intelligence and implementing reputation-based technology
  • Thinking beyond regulatory compliance

McAfee experts are available to provide more insight and analysis.

About McAfee, Inc.
McAfee, Inc., headquartered in Santa Clara, California, is the world's largest dedicated security technology company. McAfee is relentlessly committed to tackling the world's toughest security challenges. The company delivers proactive and proven solutions and services that help secure systems and networks around the world, allowing users to safely connect to the Internet, browse and shop the web more securely. Backed by an award-winning research team, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. http://www.mcafee.com

NOTE: McAfee, Avert and any additional McAfee marks herein are registered trademarks of McAfee, Inc. and/or its affiliates in the U.S. and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. Product specifications subject to change at any time without prior notice. © 2009 McAfee, Inc. All rights reserved.

McAfee, Inc.
Joris Evers, 408-346-3310
joris_evers@mcafee.com
or
Red Consultancy
Ian Bain, 415-618-8806
Ian.bain@redconsultancy.com

Canada - English