Critical Read

Critical infrastructure cyberattacks increase across the Americas

Shutterstock image (by Arthimedes): 3d polygonal illustration of earth, western hemisphere.

(Image: Arthimedes / Shutterstock)

What: "Report on Cybersecurity and Critical Infrastructure in the Americas," from the Organization of American States and Trendmicro.

Why: Attacks on critical infrastructure providers by attackers looking to steal information and even destroy critical government, energy, banking and other industries' networks have spread across dozens of countries in the Americas. OAS's survey of 575 critical infrastructure CIOs in 26 countries in North and South America found that more than 75 percent had seen an upswing in attacks. Most of those were seeking information, but an increasing number looked to do physical damage to systems. Attacks were driven by cybercrime, geopolitics and hacktivism. The survey included government systems, which along with the energy sector were the top two industries that experienced destructive attacks. Communications and banking sectors followed.

Phishing was the top attack technique, with 70 percent of the respondents saying they had experienced such an attack. Unpatched vulnerabilities were next on the attack list, with 50 percent saying they'd experienced such an attack. Next, in descending order were distributed denial of service, SQL injection, cross site scripting, hacktivist-originated attacks and advanced persistent threats.

Flat budgets and lack of planning among critical infrastructure companies were part of the increasing problem, said the report. It found that 52 percent of the CIOs it polled in the region said they had a cyber incident response plan in place. The same percentage said their security budgets hadn't increased in the last year, however. Only 5 percent said they were very prepared for a cyberattack, with 35 percent saying they were prepared, and 40 percent said they were somewhat prepared.

There was some good news. The survey found that 68 percent of critical infrastructure companies trusted their government to support advancements in dealing with the threat. That could indicate the barrier to more dialogue among public/private critical infrastructure companies might be lower than it has seemed and could only require them to reach out to each other to start the process.

Verbatim: "There is no doubt that this hyper-connectivity is a powerful development tool and opportunity for growth for governments, business, and individuals alike—a tool that must remain open and accessible despite the inherent risks. The challenge lies in our ability to balance and manage these risks for the foreseeable future. The openness and ease of access of a hyper-connectivity has lowered the barriers to entry for criminal entrepreneurs as they can participate in illicit activities from almost anywhere. This makes it difficult for law enforcement to link the crime to the perpetrator and jurisdiction."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.