Cyber incident reports skyrocket over three-year period

The number of cybersecurity incidents involving potential attacks on critical infrastructure increased by more than 2,000 percent between 2009 and 2011, according to a new report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

In 2009, ICS-CERT, which is part of the Homeland Security Department, received nine incident reports; that number jumped to 41 in 2010 and 198 in 2011.

In 2009 and 2010, the energy sector was the target of the most incidents, accounting for a third of all reports in 2009 and for 44 percent in 2010. In 2011, water utilities saw 41 percent of the incidents reported to ICS-CERT, and attacks on multiple sectors made up 25 percent.

“Incidents specific to the water sector, when added to those that impacted multiple sectors, accounted for over half of the [2011] incidents due to a large number of Internet-facing control system devices reported by independent researchers,” the report noted.

Not all reports were actually cyber attacks, and only a handful of reported incidents required on-site response from ICS-CERT. In 2009, four of the nine reports required in-person assistance. In 2011, seven of the 198 reports called for on-site help, while 21 were handled with remote analysis by the Advanced Analytics Lab, as Dark Reading reported.

In some cases – including those involving Internet-facing control systems – ICS-CERT coordinated with a vendor providing a number of the systems’ platforms to mitigate vulnerabilities and identify and alert those affected.

A large number of incidents involved “sophisticated and targeted spear-phishing campaigns” that opened the door to theft and further network infiltration, according to the report.

“In all cases, ICS-CERT works with reporting organizations to help determine if the control network was compromised and provides mitigations to detect and mitigate the activity,” the report noted, citing as examples the organization’s assistance in responding to the Night Dragon and Nitro attacks.

After the most serious reported incidents, in which ICS-CERT responded in person, the main goals were to assess the nature and extent of the attack, then develop guidance and recommendations for recovery and future protection – although the organization doesn’t provide actual recovery services.

The next steps for ICS-CERT are to glean all the information from an attack to build better situational awareness and provide alerts to the critical infrastructure community; that data is then correlated with past incidents and shared with National Cybersecurity and Communications Integration Center partners, according to the report.

“These incidents highlight the activity of sophisticated threat actors and their ability to gain access to system networks, avoid detection, use advanced techniques to maintain a presence, and exfiltrate data,” the report stated. “These findings highlight areas for improvement in protecting control systems networks.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.
