DHS reports surge in cyber attacks against critical infrastructure
Wednesday - 7/4/2012, 5:15pm EDT
In 2011, companies reported 198 cyber incidents to the Homeland Security Department — a nearly 383 percent increase above 2010, according to a June 28 report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Companies reported nine such incidents in 2009, when DHS opened ICS-CERT to help protect private-sector operators of critical infrastructure from "emerging" cyber threats.
Water facilities claimed the lion's share of reported incidents, about 41 percent. ICS-CERT also logged reports from energy, nuclear and chemical facilities.
For seven of the reported cases in 2011, ICS-CERT deployed on-site incident response teams at the behest of the companies involved.
Based on those on-site deployments, the agency pointed to some trends and commonalities among the incidents.
Spear-phishing most common method
The most common method of network intrusions was spear-phishing emails containing malicious links or attachments. Of the 17 incidents ICS-CERT investigated more closely, seven used spear phishing.
ICS-CERT also found many companies inadequately equipped to handle network intrusions. In 12 of the 17 cases, implementing certain security features, such as limiting log-ins and properly configuring firewalls, "could have deterred the attack, significantly reduced the time to detect the attack or at least reduced the impact of the incident," according to the report.
Most of the companies the agency responded to were also lacking tools to detect intrusions into their networks.
The security gaps fall into three broad categories, ICS-CERT said: people, process and technology. Companies can be hindered by employees who don't understand risks, a lack of sufficient security strategies and inadequate technology.
As the number and sophistication of cyber intrusions continue to increase, ICS-CERT issued guidance on what companies should do to respond to cyber attacks.