Cyber threats for energy, transportation sectors on the rise
New targets are likely to emerge or expand, and the barrier to entry for threat actors is dropping.
Cyberattacks on industrial control systems, which control public and private sector infrastructure such as the electrical grid and transportation systems, are on the rise. And this trend will likely continue, according to the “Industrial Cybersecurity Threat Briefing.” The new report by Booz Allen Hamilton found that new targets are likely to emerge or expand and the barrier to entry for threat actors is lowering.
Several sectors were particularly hard hit in 2015, including energy and transportation. In 2015, the energy industry saw 46 incidents, while water and dams and transportation saw 31 and 23, respectively.
Although the number of reported industrial control systems incidents in the energy sector decreased in fiscal 2015, the events were among “the most significant in recent years,” the report stated. For example, natural gas and geothermal electricity company Calpine Corp. disclosed reconnaissance and data exfiltration linked to IP addresses in Iran. Investigators found engineering drawings of the company’s network architecture and a mapping of data flows among facilities on FTP servers that the attackers accessed.
In April 2016 cybercriminals used a successful phishing attack to put ransomware on the corporate network of the Board of Water and Light, a Michigan-based public water and electric utility. Administrators had to take down the network to isolate the ransomware. And last December, an Iranian hacker remotely accessed a supervisory control and data acquisition (SCADA) system controlling the Bowman Dam in Rye, N.Y., through the system’s cellular modem.
No physical disruptions in the transportation sector were reported, the report stated, but activity indicates interest in the industry. South Korea took several hits in recent months. Intelligence officials there blamed North Korean hackers for compromising an automatic train controller company and stealing data; compromising Seoul Metro transit servers; and conducting a spearphishing campaign against two South Korean railway operators.
Although updates to technology are one way to increase security against these attacks, reducing risk is about more than technology, the report said. Proper policies and procedures in addition to training employees are also crucial. “When developing your roadmap, focus on high-impact, low-cost initial steps that buy down near-term risks while providing the foundation for a long-term strategy,” the authors advised.
That’s easier said than done, of course, especially in the public sector. Obstacles to implementing proper protections include limited budgets, the changing threat landscape and a gap in skills and expertise, the report acknowledged.