Utility companies are routinely connecting insecure SCADA/ICS systems to the public internet, according to the report.

Seventy-six per cent of respondents with SCADA/ICS responsibilities said their networks were “connected to an IP network or the Internet.” Nearly half of those connected, 47 per cent, admitted that the connection created an “unresolved security issue.”

Luckily however, a huge majority (92 per cent) of those responsible for SCADA systems reported monitoring them in some way. The most widely adopted measures were network behavior analysis tools (62 per cent overall), with China (100 per cent), the United Kingdom (78 per cent), and Mexico (75 per cent) the top adopters of such tools. Fifty-nine percent of respondents used audit logs, with Germany (90 per cent) and China (82 per cent) at the forefront of adoption.

“Governance issues are at the center of any discussion of security for critical infrastructure,” said Stewart Baker distinguished visiting fellow at CSIS and Lawyer at Steptoe and Johnson. “The relationships between the governments and private sector organisations involved are complex but it is essential that each have faith in the others ability. The security industry will always strive to stay one step ahead, but in the absence of any technological silver bullet, regulation has a role to play in defending critical infrastructures around the world.”

The report also found that 54 per cent of executives claimed that they had experienced “large-scale denial of service attacks by high level adversary like organized crime, terrorists or nation-state”. By nearly two to one, those who said the vulnerability of their sector to cyberattacks had increased over the past year outnumbered those who said it had decreased (37 per cent, as opposed to 21 per cent). Interestingly, a clear 45 per cent believed their governments were either “not very” or “not at all” capable of preventing and deterring future cyberattacks.