(The Hosting News) – Cyber-attacks in the United States drastically increased in the last three years, according to a recent report unveiled by the U.S. Department of Homeland Security. The data was reportedby key organizations and companies providing technical infrastructure to government services.
Such entities routinely rely on ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), a group set up by DHS to assist in security breach responses.
In 2009 alone, the group received just 9 incident report tickets for companies. By 2010, that number had increased to 41. The next year? An astronomically high increase representing 198 support tickets.
The report also narrowed down the organizations into sectors including energy, dams, water and others grouped into a category labeled cross-sector. In its first year, data showed that 33% of the incidents were reported from entities in the energy sector, 34% from water and 11% from dams. In 2010, incidents from the energy sector had expanded to represent most of the reported cyber breaches, that year accounting for 44%. Meanwhile, new sectors including government facilities and chemical organizations entered the fold of those reporting security problems.
In 2011, aside from a lot more incidents, things appeared to change as in terms of which organizations we’re being hit. Last year, the water industry reported the most occurrences (at 41%) while energy had dropped down to 16%.
“Cybersecurity gaps can occur when personnel at all levels of an organization do not clearly understand security risks to the control systems environment. This includes management, IT operations, security operations, process operations, control systems, and incident response operations. Until critical infrastructure organizations see themselves as probable targets and gain an understanding of the threat actor capability to penetrate, avoid detection, and maintain a presence on their networks, they will not make the necessary investments in cybersecurity,” commented DHS in its report.
In one incident, the energy sector was victimized by a “spear-phishing email campaign.” That tactic was used by hackers to steal important data. ICS-CERT responded by helping the affected organization analyze eleven different drives.
Earlier this year in May, NASA reported on its own cyber breaches through a report provided on Capital Hill. During 2011, the space agency said it dealt with 47 advanced persistent threats, one of which succeeded in stealing data of more than 150 NASA employees.