According to a new report issued by The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), cyber threats have increased significantly for US energy companies, public water districts and other infrastructure facilities.
During 2011, the Team received 198 reports of suspected cyber incidents, 4 times more than those received in 2010. In several cases, firms were infected with malicious software designed for espionage and fraud indicating an increase in targeted attacks. In addition, ICS-CERT responded to more than 100,000 incident reports and released more than 5,000 actionable cybersecurity alerts and information products.
ICS-CERT has been able to learn from the various incidents facing infrastructure companies. For example, the Water Sector had 41% of all incident reports and many of them were due to an unsecured authentication mechanism in an internet facing control system shared by many companies; based on this, ICS-CERT was able to work with the vendor to patch the vulnerability. This kind of action shows how data sharing and co-ordination can
Attacks on infrastructure can obviously have catastrophic effects, so we all need to be concerned about efforts being made to protect the networks at these companies. There is currently a proposal put forth by the Obama administration to better co-ordinate efforts between DHS and the private sector.
Download the full report of 2009-2011 data and analysis here [PDF].