September was marked by ongoing exploration and discussion of the very real threats to U.S. critical infrastructure. From successful cyberattacks against U.S. Department of Energy computer systems to a malicious phishing scheme targeting IT workers at critical infrastructure companies, these are the industrial security stories that captured our attention.
U.S. Critical Infrastructure under Cyberattack (Network World, Sept. 29, 2015)
Recent research from ESG reveals that 68 percent of U.S. critical infrastructure organizations have experienced one or several security incidents within the past two years. And 67 percent believe the threat landscape is more dangerous and getting worse than it was two years ago, leading some experts to predict a “cyber Pearl Harbor” in our future.
Cyber Risk Isn’t Always in the Computer (Wall Street Journal, Sept. 24, 2015)
When people think about industrial control systems, they don’t often consider equipment such as backup generators, thermostats and air conditioners, but they should. These components support data-center networks, and due to decades-old technology and communication standards, they are vulnerable to cyberattacks that could take down an entire operation.
Work Needed to Secure Power Grid, Experts Tell House Committee (USAToday, Sept. 11, 2015)
The power grid faces a host of threats, according to witnesses speaking to the House Committee on Science, Space and Technology’s oversight and energy subcommittees. Ranging from natural to physical to cyber, threats to the grid could result in a catastrophic outage, and this possibility should encourage the industry to address vulnerabilities with all possible haste.
Records: Energy Department Struck by Cyberattacks (CNBC, Sept. 10, 2015)
Serving a harsh wake-up call to critical infrastructure companies everywhere, USAToday learned there were 159 cyberattacks that compromised U.S. Department of Energy (DOE) computer systems from 2010 to 2014. Records show that DOE components reported 1,131 total cyberattacks in a 48-month period ending in October 2014, demonstrating a consistent and alarming onslaught of attacks, as well as numerous security vulnerabilities within the department’s cyber defense strategies.
Phishing Schemes Target IT Workers at Critical Infrastructure Companies (Wall Street Journal, Sept. 8, 2015)
The Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team reported the use of a malicious phishing scheme targeting IT workers at critical infrastructure companies. Considered the first stage of a cyberattack, phishing emails are intended to target a critical infrastructure operator’s business network, and from there, its control systems.
For more cybersecurity news, check out last month’s news roundup.