DHS says cyber attacks on the rise
SUBNET Solutions Inc | July 6, 2012
Companies tasked with managing critical infrastructure around the country are all reporting an increased number of cyber attacks on their systems compared with three years ago, a new report from the Department of Homeland Security (DHS) shows.
According to CNN, the report states that the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has confirmed that the number of attacks on U.S. critical infrastructure companies is on the rise, and what could be most startling is the attackers' preference for hitting companies that have access to the power grid, as well as water filtration facilities and nuclear reactors.
The report detailed 198 incidents that were reported to the DHS in 2011, compared with just nine reported incidents in 2009. Emergency response teams were dispatched to the physical locations of 17 out of the 198 cases last year to further assess the attacks and determine what damage had been done.
The most common attack, the team found, was spear-phishing - a technique that has the ability to taint a company's network by delivering malicious attachments that also provide access to sensitive information. These attacks were noted in 11 of the 17 attacks that were investigated by emergency response teams.
"Incident response is an essential part of cybersecurity," DHS spokesman Peter Boogaard recently stated. "DHS has made a consistent effort to work with public and private sector partners to develop trusted relationships and help asset owners and operators establish policies and controls that prevent incidents. The number of incidents reported to DHS's ICS-CERT has increased partly due to this increased communication."
Another investigation at a nuclear facility showed the attack was caused by a USB drive that an employee had used to transfer data onto a laptop. The harmful materials delivered malware which then spread to 100 hosts across the network, according to the news source.
The report outlined the most common ways attackers were able to gain leverage over a system, which included employees who were not aware of the dangers of cyber attacks, and certain system flaws that created dangerous vulnerabilities.
Utilities looking to introduce smart grid technologies such as substation automation to their network can use SUBNET products and solutions to add intelligence to the grid. What's more, these products help utilities meet strict NERC CIP standards, ensuring grid reliability and security.
Substation Cyber Security