My son and I were having a conversation some time ago about cybersecurity and cyber warfare and where we as a nation are most vulnerable. We agreed that it would be an attack against a utility, but we differed in which utility. One of us said power; the other said water. In the end, we concluded that any attack against anything in the critical infrastructure would be disastrous and we wondered just how prepared utilities or the government is for such an attack.
Based on information coming from the Department of Homeland Security (DHS), my son and I are right to be concerned. According to Reuters, cyber threats against the critical infrastructure — including energy and water utilities — surged last year. Reuters reported:
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said that it received 198 reports of suspected cyber incidents, or security threats, in 2011, more than four times the 2010 level.
Of those 198 attacks, 41 percent were against water treatment and supply facilities, more than doubling the attacks against energy utilities (16 percent). These numbers pretty much flip-flopped from 2010, when energy was the prime target and water was much lower. The reason, according to the report and stated in Info Security Magazine:
Incidents specific to the water sector, when added to those that impacted multiple sectors, accounted for over half of the incidents due to a large number of internet facing control system devices reported by independent researchers.
Officials at ICS-CERT said the number of incidents reported have increased because of better communication and operators doing a better job detecting threats. But I suspect that the increase is also due to more attempts to hack into the critical infrastructure, and I wouldn’t be surprised to see another surge when we look back at 2012. Nor would I be surprised to see the 2013 threat predictions include concerns about attacks on the critical infrastructure. Are we prepared for these attacks? That we won’t know until it happens, but it looks like so far DHS is on top of this threat.