Cyber-Attacks Rising Faster...

December 2009

Cyberattacks against critical U.S. networks rising at a faster rate. The number of cybersecurity attacks against computer networks that operate the nation’s critical infrastructure such as transportation systems and water treatment and power plants, has increased dramatically, mostly because these industries rely on legacy technologies that do not protect systems from sophisticated attacks. In the third quarter, 11 cyber incidents were added to the Repository for Industrial Security Incidents, a database of cybersecurity attacks that have or could have affected systems that operate major industrial operations in the United States. These key networks are known as Supervisory Control and Data Acquisition systems. The owners and operators of industrial plants maintain the database. For all of 2009, industries have added 35 incidents to RISI, representing more than 20 percent of the 164 incidents recorded since 1982. The total number of incidents in the database could increase 37 percent this year if trends continue at the current rate, according to RISI’s third-quarter report, which was released on November 30. Malicious software such as viruses, worms and Trojans were the cause of most cyberattacks, according to the report. Incidents involving unauthorized access or sabotage by people working for the company such as disgruntled former employees or contractors also increased. Old technology presents a particularly difficult problem to solve. While most computer systems are upgraded every three to five years, control systems typically remain operational for up to 20 years, said the director of control systems security at the Homeland Security Department. These old systems were not developed to function in a networked environment or combat the onslaught of cyberattacks.