ICS-CERT Report Shows Spike in Critical Infrastructure Cyber Attacks

According to a recently released report from the DHS-managed Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), U.S. companies that operate control systems associated with critical infrastructure have experienced a spike in what ICS-CERT calls “cyber incidents” in recent years.

When ICS-CERT first launched in 2009, it received just nine incident reports, only four of which were confirmed as actual incidents.

Moving into 2010, ICS-CERT received 41 reports of incidents impacting organizations that own and operate control systems associated with critical infrastructure. In 2011 that number jumped to 198 reports.

During 2011, the report highlights that incidents specific to the Water Sector, when added to those that impacted multiple sectors, accounted for over half of the incidents due to a large number of Internet-facing control system devices reported by independent researchers.

ICS-CERT Incident Reports 2011

In terms of attack vectors, according to the report, the most common network intrusion vector was spear-phishing emails containing malicious links or attachments. Overall, spear-phishing accounted for 7 out of 17 incidents that resulted in onsite deployment of ICS-CERT personnel, indicating that these tend to be the most damaging attacks. At least one incident involved an infection via a USB device, while sophisticated threat actors were present in 1 incident.

It’s also important to remember that these numbers cover only incidents reported to ICS-CERT, and that many incidents are never reported to ICS-CERT, or even identified for that matter.

ICS-CERT notes that any critical infrastructure owner/operator can request its support with any cyber-related incident, and when appropriate get the assistance of an onsite incident response team to help with immediate mitigation efforts, provide cybersecurity threat briefings, and help with future defense strategies.

“A fundamental challenge utilities face is that supervisory control and data acquisition (SCADA) systems were not designed to be secure,” said Chris Petersen, CTO and co-founder of LogRhythm, speaking on the subject of recent ICS-CERT warnings. “Much of the existing infrastructure was developed and implemented prior to the rise of the Internet. Security was most often thought of in the physical sense.”

“The heat is on when it comes to protecting critical infrastructure in the United States. Unless the industry takes major steps to bolster its overall cyber security, 2012 could be the year hackers cause major disruptions that impact thousands of people,” Petersen added.

“Cybersecurity gaps can occur when personnel at all levels of an organization do not clearly understand security risks to the control systems environment,” the ICS-CERT report noted. “Cybersecurity gaps also can occur when personnel have an insufficient understanding of the technical impacts of inadequate security policies. Organizations often fail to develop common technical and security standards for the IT and control systems components of their environments. Without such standards, it may be impossible to create an effective security posture.”

The full Incident Response Summary Report is available here as a PDF download.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.
