Posted By Paul Tate, January 19, 2016 at 5:19 AM, in Category: Cybersecurity
Speaking at the S4 Security Conference in Miami last week, Marty Edwards, head of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), warned U.S. manufacturers that cyber attackers are increasingly targeting industrial control systems and threatening critical manufacturing sectors and infrastructure.
“We see more and more that are gaining access to that control system layer," he told the 300 attendees.
His latest warning follows a new government report that shows the Department of Homeland Security investigated almost twice as many cyber attacks on the U.S. critical manufacturing sector in its fiscal year 2015 (between October 2014 and September 2015) than in the previous year.
Critical manufacturing includes automakers, aviation equipment manufacturers and producers of metals, machinery and electrical equipment. In 2015, ICS-CERT looked into 97 reported cyber incidents across these sectors, 33% of the total 295 reported infrastructure attacks over the 12 month period.
“This increase over previous years … is primarily related to a widespread spear-phishing campaign that primarily targeted critical manufacturing companies,” the agency said. Spear phishing is a targeted email scam with the sole purpose of obtaining unauthorized access to sensitive data. The email appears to be from an individual or business that you know. But it isn't.
Connecting plant floor equipment to the Internet creates greater vulnerability as hackers seek out network weak points to find gateways into both corporate and industrial systems.
“ICS-CERT responded to a significant number of incidents enabled by insufficiently architected networks,” continued the report, “such as Industrial Control Systems networks being directly connected to the Internet or to corporate networks, where spear phishing can enable access.”
“This reinforces the need for asset owners/operators to focus on security fundamentals,” stressed ICS-CERT.
The overall total of infrastructure cyber attacks was up by 20 percent from the previous fiscal year, the agency said. The energy sector suffered the second-most cyber incidents with 46, followed by water and wastewater systems with 25 and the transportation sector with 23.
Written by Paul Tate
Paul Tate is Research Director and Executive Editor with Frost & Sullivan's Manufacturing Leadership Council. He also directs the Manufacturing Leadership Council's Board of Governors, the Council's annual Critical Issues Agenda, and the Manufacturing Leadership Research Panel. Follow us on Twitter: @MfgExecutive