National critical IT infrastructure is under-invested, says ISF

Under-investment leads to poor network resilience and risk of complete loss of communications

The ISF claims under-investment in IT increases the risks of cyber attack

The critical infrastructure of countries and organisations is threatened by cyber attack, according to a new report, Threat Horizon 2012, from independent information security authority The Information Security Forum (ISF).

Threats are driven by under-investment in both organisational and national critical infrastructure, which the ISF states has weakened underlying IT platforms.

The report lists the 10 most likely threat scenarios that organisations face in the future. They include the rapid adoption of cloud computing, increasing use of mobile devices, growth of cybercrime and online espionage and the merging of home and work life.

"Organisations right now need to be thinking people, processes and technology, not just technology, which is the mistake that many security and risk professionals make," said Adrian Davis, principal research analyst at ISF.

The report follows closely on the heels of a cyber attack in Iran which affected a nuclear facility at Bushehr, just the sort of critical infrastructure about which the ISF report warns.

The attack used the Stuxnet worm, which is programmed specifically to target and reprogram industrial systems.

Rodney Joffe, senior vice president and senior technologist at managed services provider Neustar, believes that the risks presented by Stuxnet are extreme.

"Stuxnet is the prime example of the modern, targeted cybermunition. It’s capable of being unleashed anonymously somewhere in the world, finding its way to a highly specific set of targets and then destroying them."

Joffe concluded by warning: "Malware can seek out and surgically disable critical systems. Who needs to spend years training pilots to hijack aircraft, when you can crash them with a few clicks of a keyboard?"