Cyber Attacks On Critical Manufacturers Increasing

This post is also available in: עברית (Hebrew)

According to the US Department of Homeland Security, the number of investigations into cyber attacks on the America’s critical manufacturing sector nearly doubled last year.

The Department of Homeland Security’s Industrial Control Systems Cybersecurity Emergency Response Team (ICS-CERT) reported that it opened 97 investigations into hacking attempts on critical manufacturing facilities and organisations during the last fiscal year. This includes machinery and electrical equipment makers, metal works factories, and vehicle manufacturers.

ICS-CERT reports that it acted on 295 cyber incidents during the year. This represents an increase of 20% on the previous fiscal year.

The Department did not release the identities of those responsible, nor did it comment on whether these hacking attempts caused outages or serious damage.

Attacks such as these could actually not be attacks at all, according to some experts, but unintentional infections caused by malware released by cyber criminals. Another possibility is that these are intelligence gathering operations in preparation for future, more destructive attacks.

ICS-CERT is tasked with helping operators of critical infrastructure protect against cyber attacks. Most of their activity is not released to the public, and this report provides a rare opportunity to look at their operations.

ICS-CERT’s data release comes in the wake of a warning from Marty Edwards, the Team’s Director, that cyber attacks are rapidly increasing. The root of these attacks, he said, is due to operators of critical infrastructure leaving industrial control systems exposed to the wider internet.

“I am very dismayed at the accessibility of some of these networks… They are just hanging right off the tubes,” Edwards said during a speaking engagement at the S4 security conference in Miami.