U.S. Critical Infrastructure Cyberattack Reports Jump Dramatically

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240003029/u-s-critical-infrastructure-cyberattack-reports-jump-dramatically.html

By Brian Prince
Contributing Writer
Dark Reading
June 29, 2012

U.S. critical infrastructure companies saw a dramatic increase in the 
number of reported cyber-security incidents between 2009 and 2011, 
according to a new report from the U.S. Industrial Control System Cyber 
Emergency Response Team (ICS-CERT).

In 2009, ICS-CERT fielded 9 incident reports. In 2010, that number 
increased to 41. In 2011, it was 198. Of those 198, seven resulted in 
the deployment of onsite incident response teams from ICS-CERT, and 21 
of the other incidents involved remote analysis efforts by the Advanced 
Analytics Lab. Incidents specific to the water sector, when added to 
those that impacted multiple sectors, accounted for more than half of 
the incidents due to a larger number of Internet-facing control system 
devices reported by independent researchers, according to the report.

Though not all of the reports turned out to be actual cyber-attacks, the 
magnitude of the increase is somewhat surprising, says Kim Legelis, vice 
president of marketing at Industrial Defender.

"While those of us close to critical infrastructure cyber security were 
aware of the escalating nature of the threat landscape, the level that 
this report validates was more severe than expected," she says. "In 
addition, the report provides a baseline to compare future reports and 
incidents to in the future."

[...]


--
Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online.
Come to a free class and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill