Cyber attacks on critical infrastructure could have been foiled with common precautions
Of the 17 cybersecurity incidents affecting operators of critical infrastructure that were serious enough to require onsite deployment by the Homeland Security Department's Industrial Control Systems Cyber Emergency Response Team, 12 could have been prevented--or at least reduced in impact--by deployment of recommended practices, says ICS-CERT.
In a report (.pdf) summarizing known incidents from November 2009 (when ICS-CERT came into being) through fiscal 2011, DHS security experts say common precautions such as segmenting networks with properly configured firewalls or login limitations could also have reduced the time needed to detect the attacks. Ten organizations could have detected--but apparently did not--the intrusion after it happened by filtering outgoing and incoming traffic for connections to known bad Internet protocol addresses or domain names, the report says.
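The post-intrusion check the report describes, matching egress and ingress traffic against known bad IP addresses and domains, as an added example that is not part of the report or the article. The indicator values, the key=value firewall log format and the log lines are all constructed placeholders (reserved documentation ranges and the `.example` TLD), not real indicators.

```python
import ipaddress
import re

# Constructed indicator lists (placeholders, not real IOCs); a site would
# populate these from its own threat intelligence feeds.
BAD_IPS = {"203.0.113.7"}                               # TEST-NET-3, placeholder
BAD_NETS = [ipaddress.ip_network("198.51.100.0/24")]    # TEST-NET-2, placeholder
BAD_DOMAINS = {"malicious.example"}                     # reserved TLD, placeholder

# Constructed firewall log lines in an assumed key=value format
# (not a specific vendor's format).
SAMPLE_LOG = """\
action=allow src=10.1.1.5 dst=203.0.113.7 dport=443 host=
action=allow src=10.1.1.5 dst=192.0.2.9 dport=80 host=updates.example.org
action=allow src=10.1.1.8 dst=198.51.100.42 dport=8080 host=
action=allow src=198.51.100.9 dst=10.1.1.20 dport=445 host=
action=allow src=10.1.1.5 dst=192.0.2.10 dport=443 host=cdn.malicious.example
"""

LINE_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Split one key=value log line into a dict; empty values are kept."""
    return dict(LINE_RE.findall(line))

def ip_is_bad(ip_str):
    """Exact-IP match or membership in a listed bad network (CIDR)."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:          # empty or malformed field: not a match
        return False
    return ip_str in BAD_IPS or any(ip in net for net in BAD_NETS)

def domain_is_bad(host):
    """Match the domain itself or any subdomain of it, case-insensitively."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def find_hits(log_text):
    """Return (line number, reasons) for every line touching a bad indicator."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        f = parse_line(line)
        reasons = []
        if ip_is_bad(f.get("src", "")):     # inbound from a listed address
            reasons.append("inbound from bad IP " + f["src"])
        if ip_is_bad(f.get("dst", "")):     # outbound to a listed address
            reasons.append("outbound to bad IP " + f["dst"])
        if f.get("host") and domain_is_bad(f["host"]):
            reasons.append("bad domain " + f["host"])
        if reasons:
            hits.append((lineno, reasons))
    return hits
```

Running `find_hits(SAMPLE_LOG)` flags lines 1, 3, 4 and 5; line 2 is clean traffic and is not reported.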
The most common infection vector, it says, was spear-phishing email, either carrying links to malicious websites or carrying attachments containing executable code. Spear-phishing accounted for seven of the 17 serious incidents. At least one was caused by an infected USB device.
Theft of data "seems to have been the primary motive" for the intrusions, the report says, also stating that sophisticated threat actors were present in 11 of the 17 incidents.
The number of incidents reported to ICS-CERT increased significantly from fiscal 2010 to fiscal 2011--49 in the former, 205 in the latter. It's not clear from reading the report, however, whether that represents a genuine increase in cyber threats or an increase in reporting to ICS-CERT, which is still a new organization.
- download the ICS-CERT 2009-2011 incident summary report (.pdf)