LogLogic Research Uncovers Cyber Attacks At U.S. Energy Companies

SAN JOSE, Calif. — August 5, 2009 — LogLogic®, the security and log management leader, today released a report detailing information about IT security industry benchmarks and best practices for the energy sector as practiced by security professionals from a variety of energy and utilities companies throughout the United States. The report covers best practices around measuring security effectiveness and security spending as well as common challenges around regulatory compliance.

“Ever since cyberspies hacked the U.S. electrical grid earlier this year, businesses have become increasingly aware that a security breach at an energy company that results in a major blackout has the potential to wreak havoc,” said Pat Sueltz, CEO at LogLogic. “We talked to leading information security professionals in the energy sector to find out how they determine the level of risk they carry and architect their security infrastructures to fortify against both internal and external attacks.”

The study surveyed information security professionals from a broad spectrum of energy corporations and government organizations ranging from less than $99 million to more than $1 billion in annual revenue. Of the respondents, two-thirds field more than 75 serious security vulnerabilities each week, with half resolving more than 150 attacks per week.

The report also uncovered sentiment that regulatory compliance in the energy sector is not seen as adequate enough to keep businesses secure. When asked about challenges associated with the North American Electric Reliability Corporation (NERC), one manager of IT security said, “NERC doesn’t clearly outline the definition of roles and responsibilities, nor the definition of what cyber security actually is. There is still confusion around this, and we're still managing through that.”

When measuring return on investment for IT security, log management was mentioned as an essential solution with high ROI. One manager of information security at a major natural gas and electric facility in the U.S. commented, “A leading industry analyst firm measured the economic impact of our log management solution and reported that we're getting a 193% return on investment (ROI) each year. We also regained our full investment within two weeks of deployment our log management system.”

Download a free copy of “Securing U.S. Critical Infrastructure from Cyber Attacks”.