Enterprise Strategy Group | Getting to the bigger truth.TM

WikiLeaks, Critical Infrastructure, and Cyber Security

The world is up in arms about the WikiLeaks release of a secret cable written in 2009 revealing over 100 facilities that the United States considers Critical Infrastructure and Key Resources (CIKR). The list includes undersea communications cables, hydroelectric plants, pharmaceutical facilities, and chemical manufacturing plants.

Yes, exposing specific facilities is a problem, but it would be relatively easy for a diligent adversary to go through publicly available information and piece together a similar list. WikiLeaks made this task easier, but these critical infrastructure organizations and segments weren’t the best-kept secret before the documents were posted.

Aside from focusing on these leaks, we must also ask ourselves an important related question: Are these critical infrastructure facilities vulnerable to attack?

I leave the question of physical vulnerability to the military, intelligence, and law enforcement community but I will comment on critical infrastructure vulnerability as it relates to cyber security. According to the recently published ESG Research Report, “Assessing Cyber Supply Chain Vulnerabilities in the U.S. Critical Infrastructure,” 20% of the critical infrastructure organizations surveyed said that their existing security policies, processes, and technology safeguards were “fair” or “poor.” (Note: The entire report is available for download on the ESG website, www.enterprisestrategygroup.com). Additionally, the research indicated that the health care sector tended to be less secure than other industries, which is particularly troubling in light of the WikiLeaks documents.

If I were the CISO at the pharmaceutical facilities identified in France and Denmark, I’d be doing emergency vulnerability assessments and making risk management decisions as a result of WikiLeaks. The ESG data indicates that this type of cyber security behavior shouldn’t be limited to facilities identified on WikiLeaks, however; rather, it should be persistent across all critical infrastructure organizations.


All views and opinions expressed in ESG blog posts are intended to be those of the post's author and do not necessarily reflect the views of Enterprise Strategy Group, Inc., or its clients. ESG bloggers do not and will not engage in any form of paid-for blogging.

© 2010 Enterprise Strategy Group, Milford, MA 01757