Recent article from Dark Reading, June 29:  U.S. Critical Infrastructure Cyber Attack Reports Jump Dramatically.

The number of cyber security incidents rose dramatically between 2009 and 2011, according to a new report from the U.S. Industrial Control System Cyber Emergency Response Team (ICS-CERT).

In 2009, the ICS-CERT team fielded 9 incident reports.  In 2010, that number was 41.  In 2011, it was 198.

All told, ICS-CERT performed 17 onsite assessments during 2009, 2010, and 2011.  The most common attack vector for network intrusion was spear-phishing, which accounted for 7 of the 17 incidents.  Sophisticated threat actors were tied to 11 of the incidents.

No intrusions were identified directly into the control system networks; however, many of the organizations' networks are flat and interconnected, which, once the threats have gained access, could allow them to move laterally into other portions of the network, including the control systems.

In 12 of the 17 cases, implementing security best practices such as login limitations and properly configured firewalls could have deterred the cyber attack, minimized the time it took to detect it, or reduced the impact, ICS-CERT reports.

According to the report, 10 of the 17 organizations could have detected an intrusion by using ingress/egress filtering of known bad IP addresses and domain names. In 3 of the 17 cases, asset owners had been notified of a cyber attack or intrusion by external organizations, and in 2 additional cases, the incident had been identified by a hired 3rd party such as a consultant or integrator.
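As an added illustration of that egress-filtering check (example code, not from the article or from ICS-CERT), here is a small sweep over constructed firewall log lines against a constructed blocklist, which also marks hits whose source sits in an assumed control-system address range:

```python
import ipaddress

# Constructed blocklist: placeholder values, not real indicators.
BAD_IPS = {"198.51.100.23", "203.0.113.7"}
BAD_DOMAINS = {"bad.example", "c2.example.net"}
# Constructed control-system address range (an assumption for this example).
CONTROL_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed firewall log lines: "<timestamp> <src> -> <dst> <proto>/<port>".
SAMPLE_LOG = """\
2011-05-02T10:01:13Z 10.20.4.15 -> 198.51.100.23 tcp/443
2011-05-02T10:01:20Z 10.1.7.9 -> 192.0.2.10 tcp/80
2011-05-02T10:02:01Z 10.20.4.15 -> c2.example.net tcp/8080
2011-05-02T10:03:44Z 10.20.9.2 -> 10.20.1.1 udp/502
not a log line
"""

def domain_matches(dst, bad_domains):
    """True if dst is a blocklisted domain or a subdomain of one."""
    dst = dst.lower().rstrip(".")
    return any(dst == d or dst.endswith("." + d) for d in bad_domains)

def parse_line(line):
    """Return (ts, src_ip, dst) or None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    try:
        return parts[0], ipaddress.ip_address(parts[1]), parts[3]
    except ValueError:
        return None  # source field is not an IP address

def find_egress_hits(log_text, bad_ips=BAD_IPS, bad_domains=BAD_DOMAINS,
                     control_net=CONTROL_NET):
    """Flag outbound connections to known-bad destinations; mark hits whose
    source is a control-system host, the lateral-movement case on a flat network."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the sweep
        ts, src, dst = rec
        if dst in bad_ips:
            reason = "known-bad IP"
        elif domain_matches(dst, bad_domains):
            reason = "known-bad domain"
        else:
            continue
        if src in control_net:
            reason += " (control-system host)"
        hits.append((ts, str(src), dst, reason))
    return hits
```

Run against the constructed log, it returns the two connections from 10.20.4.15 and ignores the benign and malformed lines; in practice the blocklist and the control-system range come from your own threat feed and network inventory.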

To deal with the spear-phishing, it was suggested that companies develop a security training program that involves sending mock phishing emails to employees.

Pretty sobering stuff, huh?  Incidents specific to the water sector accounted for more than half of the incidents, due to a larger number of internet-facing control system devices.

Nancy Sykora
Sr. Account Executive