The Department of Homeland Security says the number of attacks on U.S. infrastructures has been attacked countless times over the past thirty six months – and the attacks are coming far more often and in more aggressive manners.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reports attacks are on the rise not only on government systems, but any American server. This includes the websites linked to the nation’s power grid, water filtration facilities and even nuclear facilities.
The agency reports there were nearly 200 reported incidents in 2011. In 2009, there were just nine attempted attacks. So aggressive are the attacks that cyber emergency response teams traveled to nearly twenty of attack sites so that they could gather evidence for analysis. From “spear phising” to the classic virus, the code is becoming increasingly sophisticated.
Spear-phishing is designed to corrupt an entire computer system with hundreds or even thousands of “malicious attachments”. Once a hacker has access to sensitive information, including individual credit card numbers, bank information and social security numbers, the potential for devastation is high.
In the case of one nuclear facility, a USB drive was found and is believed to be the “ground zero”. An employee had used the drive to download massive amounts of information on to his computer. Because malware was written into at least one of those files, DHS said, it then spread to at least one hundred off site hosts. The report then outlined various trends that many hackers use with great success. Some include swaying an employee to do the work on the “inside”, usually by exposing the network for the attack to occur.
The Department of Homeland Security sees the rise in the number of reported events as a sign that businesses are trusting the government more when it comes to allowing federal investigators to access their systems. “Incident response is an essential part of cybersecurity,” said DHS spokesman Peter Boogaard.
DHS has made a consistent effort to work with public and private sector partners to develop trusted relationships and help asset owners and operators establish policies and controls that prevent incidents. The number of incidents reported to DHS’s ICS-CERT has increased partly due to this increased communication.
Meanwhile, the debate over the public-private partnership remains quite controversial in D.C. Lawmakers have sought to better define legislation that would make it more difficult, via acceptable minimum security standards, for companies that operate critical infrastructure systems.
The Republicans want voluntary exchanges of information between the private sector and the government while one bipartisan bill backed by Senators Joe Lieberman and Susan Collins would require companies to prove to the government that minimum security standards are in place. It would also require companies to make that information available for the purposes of government audits.