The U.S. energy sector under cyber attacks


The energy sector is reporting an enormous increase in the number of attempted cyber attacks in 2013, according to a new report from the Department of Homeland Security. Some of the new attempted attacks have targeted the industrial control systems of gas compression stations across the Midwest.

i-HLS Israel Homeland Security

According to the Wall Street Journal, the energy sector reported 111 cyber incidents during the six months ending in May 2013, compared to about 81 incidents reported in the preceding 12 months. The figures come from the report issued by DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). A previous report issued in January warned that cyber threats to the energy sector were happening at “an alarming rate.” The new report indicated that an emerging cyber threat actor was involved in intrusions into both the energy and critical manufacturing sectors, but did not give any more details about whether it was a nation state actor or some other group.

Many governments around the world have realized that there is a military advantage to infiltrating the critical energy infrastructure of potential future adversaries, said Ed Skoudis, an instructor with the cyber security research and education organization SANS Institute. “Even networks that were well monitored before are getting attacked with increasing frequency,” Mr. Skoudis told CIO Journal.

Cyber incidents reported by the energy sector to DHS accounted for 53% of all incidents reported in the six months ending in May 2013. That’s up from 41% during the preceding 12 months.

In January and February of this year, DHS received a number of reports from companies that operate gas compressor stations. Those companies reported an increase in so-called brute force attempts to access their process control networks. Brute force attacks involve exhaustive trial and error to break a security system, often using automated tools. Those attempted attacks originated from 49 IP addresses, but ultimately none were successful.