Cyber incident reports skyrocket over three-year period

The number of cybersecurity incidents involving potential attacks on critical infrastructure increased by more than 2,000 percent between 2009 and 2011, according to a new report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

In 2009, ICS-CERT, which is part of the Homeland Security Department, received nine incident reports; that number jumped to 41 in 2010 and 198 in 2011.

In 2009 and 2010, the energy sector was the target of the most incidents, accounting for a third of all reports in 2009 and for 44 percent in 2010. In 2011, water utilities saw 41 percent of the incidents reported to ICS-CERT, and attacks on multiple sectors made up 25 percent.

“Incidents specific to the water sector, when added to those that impacted multiple sectors, accounted for over half of the [2011] incidents due to a large number of Internet-facing control system devices reported by independent researchers,” the report noted.

Not all reports were actually cyber attacks, and only a handful of reported incidents required on-site response from ICS-CERT. In 2009, four of the nine reports required in-person assistance. In 2011, seven of the 198 reports called for on-site help, while 21 were handled with remote analysis by the Advanced Analytics Lab, as Dark Reading reported.

In some cases – including those involving Internet-facing control systems – ICS-CERT coordinated with a vendor providing a number of the systems’ platforms to mitigate vulnerabilities and identify and alert those affected.

A large number of incidents involved “sophisticated and targeted spear-phishing campaigns” that opened the door to theft and further network infiltration, according to the report.

“In all cases, ICS-CERT works with reporting organizations to help determine if the control network was compromised and provides mitigations to detect and mitigate the activity,” the report noted, citing as examples the organization’s assistance in responding to the Night Dragon and Nitro attacks.

After the most serious reported incidents, in which ICS-CERT responded in person, the main goals were to assess the nature and extent of the attack, then develop guidance and recommendations for recovery and future protection – although the organization doesn’t provide actual recovery services.

The next steps for ICS-CERT are to glean all the information from an attack to build better situational awareness and provide alerts to the critical infrastructure community; that data is then correlated with past incidents and shared with National Cybersecurity and Communications Integration Center partners, according to the report.

“These incidents highlight the activity of sophisticated threat actors and their ability to gain access to system networks, avoid detection, use advanced techniques to maintain a presence, and exfiltrate data,” the report stated. “These findings highlight areas for improvement in protecting control systems networks.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.
