Control security incidents up for year

Wednesday, April 14, 2010 @ 09:04 PM gHale


Control system security incidents in the water and wastewater industry rose last year.

There was a shift in incidents by industry over the past five years, according to the findings in the “2009 Annual Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems” released by the Security Incidents Organization.

There was an 80% drop in the incident rate in the petroleum and chemical industries, but a 300% hike in the incident rate in the water and wastewater and a 30% increase in the power and utilities industries, according to the Repository of Industrial Security Incidents (RISI) report.

Despite a decline in recent years, almost 50% of control system cyber security incidents reported by RISI occurred via malware, including viruses, worms and trojans. However, incidents involving unauthorized access or sabotage perpetrated by internal sources, such as a disgruntled former employee or contractor who uses inside knowledge or access privileges to cause harm to the company, are up considerably. Also on the rise are incidents where network anomalies induced failures in control system equipment.

The report is a detailed analysis of all incidents recorded up to December 31. RISI is an industry-wide organization that collects, analyzes, and shares high-value information regarding cyber security incidents that directly affect SCADA, manufacturing and process control systems.

At the end of the year, there were 175 confirmed incidents in the database, according to the report. The analysis determined where and when the incidents occurred. It also identified the types of incidents and the threat factors that executed them and the methods and techniques used to gain entry. Results achieved versus the results attempted and the financial and operational impacts on the “victims” were included as well.

The report provides detailed analyses of the incident data and compares recent data to historical data to identify shifts or trends. Also, a section of the report focuses on incidents occurring in 2009, including brief case studies for all incidents reported during that time. The report also includes, for the first time, an overview of industrial control system vulnerabilities reported in 2009 courtesy of Critical-Intelligence, Inc.



Leave a Reply

You must be logged in to post a comment.