Cyber incident reports skyrocket over three-year period

The number of cybersecurity incidents involving potential attacks on critical infrastructure increased by more than 2,000 percent between 2009 and 2011, according to a new report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

In 2009, ICS-CERT, which is part of the Homeland Security Department, received nine incident reports; that number jumped to 41 in 2010 and 198 in 2011.

In 2009 and 2010, the energy sector was the target of the most incidents, accounting for a third of all reports in 2009 and for 44 percent in 2010. In 2011, water utilities saw 41 percent of the incidents reported to ICS-CERT, and attacks on multiple sectors made up 25 percent.

“Incidents specific to the water sector, when added to those that impacted multiple sectors, accounted for over half of the [2011] incidents due to a large number of Internet-facing control system devices reported by independent researchers,” the report noted.

Not all reports were actually cyber attacks, and only a handful of reported incidents required on-site response from ICS-CERT. In 2009, four of the nine reports required in-person assistance. In 2011, seven of the 198 reports called for on-site help, while 21 were handled with remote analysis by the Advanced Analytics Lab, as Dark Reading reported.

In some cases – including those involving Internet-facing control systems – ICS-CERT coordinated with a vendor providing a number of the systems’ platforms to mitigate vulnerabilities and identify and alert those affected.

A large number of incidents involved “sophisticated and targeted spear-phishing campaigns” that opened the door to theft and further network infiltration, according to the report.

“In all cases, ICS-CERT works with reporting organizations to help determine if the control network was compromised and provides mitigations to detect and mitigate the activity,” the report noted, citing as examples the organization’s assistance in responding to the Night Dragon and Nitro attacks.

After the most serious reported incidents, in which ICS-CERT responded in person, the main goals were to assess the nature and extent of the attack, then develop guidance and recommendations for recovery and future protection – although the organization doesn’t provide actual recovery services.

The next steps for ICS-CERT are to glean all the information from an attack to build better situational awareness and provide alerts to the critical infrastructure community; that data is then correlated with past incidents and shared with National Cybersecurity and Communications Integration Center partners, according to the report.

“These incidents highlight the activity of sophisticated threat actors and their ability to gain access to system networks, avoid detection, use advanced techniques to maintain a presence, and exfiltrate data,” the report stated. “These findings highlight areas for improvement in protecting control systems networks.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.
