Homeland Security

Critical infrastructure sector sees big uptick in breach attempts

cybersecurity concept

U.S. critical infrastructure systems experienced a 20 percent increase in attempted cybersecurity breaches in fiscal year 2015, according to an end-of-the-year report from the Department of Homeland Security's Industrial Control Systems Cybersecurity Emergency Response Team, a group tasked with reducing the risk of cyber attack against U.S. critical infrastructure.

According to the report, the ICS-CERT responded to 295 cybersecurity incidents involving critical infrastructure, compared to fiscal 2014's 245.

Despite the increase in total number of incidents, last year's most commonly targeted sector, Energy, experienced a 42 percent decline in breach attempts. Increased efforts to crack the critical manufacturing sector helped add to the overall gain. That sector was the primary target of "a widespread spear-phishing campaign," the report stated.

Hackers are increasingly going after low-hanging fruit. DHS "responded to a significant number of incidents enabled by insufficiently architected networks," the report noted. "It is uncertain if this was a change in targeting by adversaries, if these systems merely represented targets of opportunity, or if there is some other explanation."

In fiscal 2014, there were 42 "relatively easy to execute and demonstrably effective" spear phishing incidents. In fiscal 2015, that number surged to 109. The report stressed the need for infrastructure operators to remove easily exploited vulnerabilities from their systems and move to real time network monitoring.

Some organizations have improved their deftness at independently handling security threats. Unsuccessful or successfully thwarted incidents comprised 69 percent of the total incidents, up almost 30 percent from fiscal year 2014.

About the Author

Chase Gunter is a former FCW staff writer.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected