Millions of Americans rely on our critical infrastructure to keep the lights on, keep the water clean and get from point A to point B. Critical industries like energy, utilities and transportation keep the global economy moving and maintain our quality of life. But the same systems that are used to improve efficiencies at these organizations are increasingly threatened by cyberattacks.
An attack on a power grid in Ukraine, an attempted attack on electric companies in the United States, and attacks on banks in Russia and other European countries are just a glimpse of the growing cyberthreat to key infrastructure resources. Applications power all of this critical technology, and many of these applications are riddled with security flaws. In fact, according to our recent State of Software Security report, fewer than one-third of applications in critical infrastructure technology stacks passed the basic industry standards referred to as OWASP on the first scan of code, and they saw no improvement in the most recent scan.
The good news is that some industries are doing cybersecurity right, and those best practices can be passed on to those that might still need some work. Some of the public agencies that manage our critical energy, utility and transportation infrastructures can learn from security practices and improvements being made in the private sector.