Energy sector tops list of US industries under cyber attack, says Homeland Security report

Washington, DC. March 12, 2015 — A report issued today by the US Department for Homeland Security says that in 2014 the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to 245 incidents reported by asset owners and industry partners.

The energy sector, says Jeremy Cowan, led all others again in 2014 with 79 reported incidents, followed by manufacturing at 65 and worryingly healthcare at 15 reported incidents. ICS-CERT’s continuing partnership with the Energy sector reportedly provides many opportunities to share information and collaborate on incident response efforts.

Also noteworthy in 2014 were the incidents reported by the Critical Manufacturing sector, some of which were from control systems equipment manufacturers. The ICS vendor community may be a target for sophisticated threat actors for a variety of reasons, including economic espionage and reconnaissance. Of the total number of incidents reported to ICS-CERT, roughly 55% involved advanced persistent threats (APT) or sophisticated actors.

 

Security.ICS-CERT_Monitor.crop

Other actor types included hacktivists, insider threats, and criminals. In many cases, the threat actors were unknown due to a lack of attributional data, says the US Department. The scope of incidents encompassed a vast range of threats and observed methods for attempting to gain access to both business and control systems infrastructure, including but not limited to the following:

  • Unauthorised access and exploitation of Internet facing ICS/Supervisory Control and Data Acquisition (SCADA) devices
  • Exploitation of zero-day vulnerabilities in control system devices and software
  • Malware infections within air-gapped control system networks
  • SQL injection via exploitation of web application vulnerabilities
  • Network scanning and probing
  • Lateral movement between network zones
  • Targeted spear-phishing campaigns
  • Strategic web site compromises (a.k.a., watering hole attacks.)

The majority of incidents were categorised as having an “unknown” access vector. In these instances, the organisation was confirmed to be compromised; however, forensic evidence did not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network.

Security.2.ICS-CERT_gov_sites.crop

Rob Miller, security consultant at MWR InfoSecurity, tells M2M Now, “Many organisations we work with are taking these reports very seriously. The report shows that the rate of new vulnerabilities being discovered in ICS equipment has remained steady for the last four years. ICS operators cannot therefore rely on vendors taking care of their security for them.

“Organisations may feel that their ICS systems are beyond the reach of attackers, but attacks like those against the Norwegian oil sector last year have demonstrated these assumptions to be false. ICS, far from being an air-gapped, proprietary system, is now often integrated to our IT networks as companies strive to improve performance and reduce costs. This can be done without impacting security, but only if security is considered during its design.”

Miller concludes, “Ultimately, better ICS security comes from not only controlling the borders of an ICS system, but by also introducing the ability to monitor and detect attacks, and through training of staff to respond appropriately.”

You can comment on this article below, or via Twitter:   @jcm2m     OR      @m2mnow

Recent Articles

Equinix data centres to connect Nokia to mobile, IoT and cloud ecosystems

Posted on: September 24, 2020

Digital infrastructure company, Equinix, Inc., has been selected as a strategic supplier for Nokia’s Worldwide IoT Network Grid (WING) managed service, in a collaboration to bring next-generation edge architectures and services to market. WING allows operators without an Internet of Things (IoT) footprint to gain fast entry to the IoT market or to help operators expand an existing

Read more

Eseye’s global, ubiquitous IoT connectivity service propels telehealth and telecare forward

Posted on: September 24, 2020

The demand for telehealth and telecare technology has skyrocketed in 2020, primarily fuelled by COVID-19 and the need to provide remote health monitoring to safeguard the vulnerable. A recent study forecasts a sevenfold growth in telehealth by 20251. The global pandemic has disrupted the healthcare industry and accelerated it towards a new era of smart

Read more