Industrial Control Systems Faced Nearly 200 Attacks: DHS
In 2012, energy, water and commercial control systems faced numerous attacks, including the use of a search engine to find thousands of exposed systems.Industrial control systems came under increasing scrutiny and attack in 2012, with almost 200 documented incidents, according to a report released last week by a component of the U.S. Department of Homeland Security. Energy firms accounted for more than 40 percent of the 198 incidents reviewed by the Industrial Control Systems (ICS) Cyber Emergency Response Team (CERT), and water utilities took a distant second place with 15 percent of the incidents. While some of the cases were caused by security researchers using the Sentient Hyper-Optimized Data Access Network (SHODAN), a regularly updated directory of ports, to find exposed industrial control systems, the majority were serious breaches, the report stated. The group took part in responding to almost two dozen attacks on oil and natural gas firms, discovering that sensitive information on the operations of the supervisory control and data analysis (SCADA) systems had been accessed by the attackers. "Analysis of the targeted systems indicated that information pertaining to the ICS/SCADA environment, including data that could facilitate remote unauthorized operations, was exfiltrated," the report stated.
Researchers and security professionals have focused on threats to industrial control systems and critical infrastructure for nearly a decade. However, the Stuxnet attack on Iranian uranium-processing equipment galvanized the critical-infrastructure industries into taking such threats seriously.