Cyber incident reports flood in from US water sector

The water system was the primary target of incidents reported last year to the US Industrial Control System Cyber Emergency Response Team (ICS-CERT)
The water system was the primary target of incidents reported last year to the US Industrial Control System Cyber Emergency Response Team (ICS-CERT)

A full 41% of the 198 reported incidents involving US industrial control systems came from water treatment and supply facilities, according to the 'ICS-CERT Incident Response Summary Report'.

The next most targeted sector was the energy sector (16%), followed by government facilities (6%) and the nuclear sector (5%).

“Incidents specific to the water sector, when added to those that impacted multiple sectors, accounted for over half of the incidents due to a large number of internet facing control system devices reported by independent researchers”, the report noted.

By contrast, in 2010, the most targeted sector was energy, with 44% of the 41 reported cyber incidents, followed by the nuclear (12%) and water (10%) sectors. In 2009, water and energy were fairly evenly split, with 34% and 33% of the reported incidents, respectively.

Of the 198 reported incidents in 2011, only seven resulted in deployment of an onsite incident response team; of the 41 reported incidents in 2010, only eight required an onsite team; of the nine reported in 2009, two required an onsite team. For 2009, ICS-CERT only collected information in the last two months because it was formally established on Nov. 1 of that year.
 

What’s Hot on Infosecurity Magazine?