Cyber threats to critical infrastructure assets such as electrical & water utilities, airports, oil & gas facilities, chemical plants, etc, are generally malicious in nature (ie not primarily financially motivated) and can potentially involve very wide-ranging and fundamental damage. SCADA systems of critical infrastructure assets represent an major area of weakness, particularly given the age of many SCADA systems, which use out-dated computer operating systems, open architecture and open internet connectivity.

The increase in complexity and sophistication of cyber attacks in recent years against utilities is highlighted in a recent report by InfoSec into critical infrastructure and SCADA risk in USA (See graph). The results show that threats with a low risk of causing damage decreased from 90% in 2000 to 48% in 2012, whilst threats with medium risk vulnerability increased from 5% to 47%.