Homeland Security says US industrial control systems hit by 245 cyber attacks in 2014
13 March 2015
US industrial control systems were hit by cyber attacks at least 245 times over a 12-month period, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has revealed. ICS-CERT is part of the National Cybersecurity and Integration Center, which is itself a unit of the Department of Homeland Security.
After the Energy Sector with 79 incidents, the second most affected area was the Critical Manufacturing Sector, including control systems (ICS) equipment manufacturers, with 65.
“The ICS vendor community may be a target for sophisticated threat actors for a variety of reasons, including economic espionage and reconnaissance”, the report said. “Of the total number of incidents reported to ICS-CERT, roughly 55% involved advanced persistent threats (APT) or sophisticated actors. Other actor types included hacktivists, insider threats, and criminals. In many cases, the threat actors were unknown due to a lack of attributional data.”
The Communications and Water Sectors reported 14 each, Nuclear 6 and Chemicals 4.
The graph below shows the attack methods uncovered by ICS-CERT, with the majority of attacks untraceable.
“ICS-CERT has provided onsite and remote assistance to various critical infrastructure companies to perform forensic analysis of their control systems and conduct a deep dive analysis into Havex and Black Energy malware,” it said.
[Figure: ICS-CERT data showing attack methods uncovered during industrial security incidents]
ICS-CERT also acknowledged that it was highly likely to have been unaware of other incidents that occurred during the period.
“The 245 incidents are only what was reported to ICS-CERT, either by the asset owner or through relationships with trusted third-party agencies and researchers. Many more incidents occur in critical infrastructure that go unreported,” the report said.
The report comes amid rising concerns that industrial control systems are being targeted by Russian hackers, who are seen as new and highly sophisticated players in the cyber arena.