Critical Infrastructure Incidents Increased in 2015: ICS-CERT

A total of 295 incidents involving critical infrastructure in the U.S. were reported to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in the fiscal year 2015, compared to 245 in the previous year.

Statistics provided by ICS-CERT for 2015 show that one-third of the incidents impacted the critical manufacturing sector, which in 2014 accounted for 27 percent of incidents.

The increase was the result of a spear-phishing campaign launched by an advanced persistent threat (APT) actor against organizations in critical manufacturing and other sectors. The attacker, believed to be the threat group known as APT3, exploited a zero-day vulnerability in Adobe Flash Player (CVE-2015-3113) in its operations.

In 2014, the same actor launched a reconnaissance operation in which it used social engineering tactics to trick the employees of the targeted organizations into handing over valuable information, ICS-CERT said.

The energy sector, which in 2014 accounted for 32 percent of critical infrastructure incidents, reported only 46 incidents in 2015, which represents 16 percent of the total. Incidents were also reported in sectors such as water (25), transportation systems (23), government facilities (18), healthcare (14) and communications (13).

ICS-CERT said it responded to a significant number of incidents involving improperly configured infrastructure where ICS networks were connected to corporate networks and even directly to the Internet.

While in more than one-third of cases investigators could not determine the infection vector used by the attackers, more than 100 incidents involved spear phishing.

The number of reports regarding network scans and probes by external parties decreased by more than 50 percent in 2015 compared to the previous year. However, ICS-CERT noted that this trend could mean organizations are becoming better at handling such low-level issues on their own, and not necessarily a drop in the frequency of scanning and probing attempts.

On one hand, ICS-CERT found that in 69 percent of incidents there was no evidence that the attackers successfully breached the targeted organization, compared to 49 percent in 2014. On the other hand, the agency pointed out that the number of successful intrusions into control system environments increased from 9 percent in 2014 to 12 percent in 2015. In a further 12 percent of cases there was an indication that the attackers gained access to the target’s business network.

ICS-CERT’s report is based on information from asset owners, the Information Sharing and Analysis Center (ISAC), third parties and researchers, and US government sources. However, the agency noted that not every organization shares its incident reports, so the figures likely understate the true number of incidents.

Recent events in Ukraine, where malware attacks resulted in massive power outages, have demonstrated the damage a malicious cyber actor can cause if it gains access to critical infrastructure systems. The attacks in Ukraine involved BlackEnergy malware and they have been blamed on Russia, although there is no solid evidence to support the allegations.

Related: Ukraine Accuses Russia of Cyber Attack on Kiev Airport

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
