DHS reports surge in cyber attacks against critical infrastructure
Wednesday - 7/4/2012, 5:15pm EDT
In 2011, companies reported 198 cyber incidents to the Homeland Security Department — a nearly 383 percent increase above 2010, according to a June 28 report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Companies reported nine such incidents in 2009, when DHS opened ICS-CERT to help protect private-sector operators of critical infrastructure from "emerging" cyber threats.
Water facilities claimed the lion's share of reported incidents, about 41 percent. ICS-CERT also logged reports from energy, nuclear and chemical facilities.
For seven of the reported cases in 2011, ICS-CERT deployed on-site incident response teams at the behest of the companies involved.
Based on those on-site deployments, the agency pointed to some trends and commonalities among the incidents.
Spear-phishing most common method
The most common method of network intrusions was spear-phishing emails containing malicious links or attachments. Of the 17 incidents ICS-CERT investigated more closely, seven used spear phishing.
ICS-CERT also found many companies inadequately equipped to handle network intrusions. In 12 of the 17 cases, implementing certain security features, such as limiting log-ins and properly configuring firewalls, "could have deterred the attack, significantly reduced the time to detect the attack or at least reduced the impact of the incident," according to the report.
Most of the companies the agency responded to were also lacking tools to detect intrusions into their networks.
The security gaps fall into three broad categories, ICS-CERT said: people, process and technology. Companies can be hindered by employees who don't understand risks, a lack of sufficient security strategies and inadequate technology.
As the number and sophistication of cyber intrusions continue to increase, ICS-CERT issued guidance on what companies should do to respond to cyber attacks.