The Ice Harbor Lock and Dam on the lower Snake River near Burbank, Washington, is seen in a file photo. The number of attempted and successful cyber attacks against critical infrastructure - such as dams, energy and water systems - rose more than 383 percent from 2010 to 2011, according to DHS. (Jeff T. Green / Getty Image)
The number of attempted and successful cyber attacks against critical infrastructure — such as dams, energy and water systems — rose more than 383 percent from 2010 to 2011, according to the Department of Homeland Security.
Owners and operators of critical infrastructure reported 198 incidents in 2011 to DHS’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), up from 41 incidents in 2010, the first full year that ICS-CERT was in operation.
Attackers used various methods to gain access to critical systems, including spear phishing or targeted emails that convince recipients to open malicious files or click on presumably harmless hyperlinks, according to the June 28 report.
“These incidents highlight the activity of sophisticated threat actors and their ability to gain access to system networks, avoid detection, use advanced techniques to maintain a presence, and exfiltrate data,” the report said.
The energy and water sectors reported the highest number of incidents: 41 percent for the water sector in 2011 and 16 percent for the energy sector. Government facilities made up 6 percent of reported attacks.
ICS-CERT responded to only seven of the 2011 attacks with onsite visits. The report did not explain why DHS responded to such a low number of incidents.
“At the request of a company and when appropriate, ICS-CERT can deploy an onsite incident response team to help triage a cyber incident affecting a critical infrastructure,” the report said.