Cyber Attacks Against Energy Sector Jump in 2013: ICS-CERT

New data from the U.S Department of Homeland Security revealed that the department’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to more than 200 incident between Oct. 2012 and May 2013.

The roughly 200 incidents occurred across all critical infrastructure sectors. According to the data, the highest percentage of incidents reported to the organization occurred in the energy sector (53 percent). The next highest percentage belonged to the critical manufacturing sector, which reported 17 percent of the incidents ICS-CERT investigated.

“The majority of these incidents involved attacker techniques such as watering hole attacks, SQL injection, and spear-phishing attacks,” according to an ICS-CERT report. “In all cases, ICS-CERT evaluates the information available to determine if successful compromise has occurred, the depth and breadth of the compromise, and the potential consequences to critical infrastructure networks.”

While most of ICS-CERT’s response activities are conducted remotely – through analysis of malware, log files, etc – ICS-CERT also deploys onsite teams to affected entities to review network topologies, identify infected systems and collect other data as needed. During the aforementioned months – which make up the first half of fiscal year 2013 – ICS-CERT deployed five onsite teams, compared to six for all of fiscal year 2012. All of the incidents involved “sophisticated threat actors who had successfully compromised and gained access to business networks,” according to the report.

Those numbers represent a drastic change from past years. Last year, ICS-CERT revealed that it dealt with just nine incident reports back in 2009. In 2010, that number stood at 41. By 2011, the number had reached 198, with seven resulting in the deployment of onsite incident response teams. The most common threat vector for network intrusion was spear-phishing, which accounted for seven of the 17 incidents between 2009 and 2011 that triggered an onsite assessment by ICS-CERT.

According to ICS-CERT, 11 of those 17 incidents were perpetrated by “sophisticated threat actors” trying to steal data.

“The recent report by the DHS ICS-CERT is further proof that malicious actors see the energy sector as a target that is ripe with opportunity and one that is still quite susceptible to being exploited,” said Lila Kee, North American Energy Standards Board member and chief product and marketing officer at GlobalSign. “The report notes that the first half of 2013 yielded 200 brute-force cyber-attacks, surpassing 2012’s total of 198 attacks. Although attacks on major gas and electric systems are nothing new to those in the industry, these facts serve as evidence that low-level criminals, all the way up to state-sponsored groups see the value in compromising our nation’s critical infrastructure.”

The documented frequency and intensity of these attacks shows that the world has entered into a new era that requires the energy sector and other critical infrastructure companies to follow US-CERT recommendations and report cyber incidents quickly, she said. Those corporations should also implement security standards to apply preventative measures to prepare for the ever-increasing number of attacks, she added.

Related: Cyber Attacks Targeted Key Components of Natural Gas Pipeline Systems