A new report by the US Industrial Control System Cyber Emergency Response Team (ICS-CERT) said that critical infrastructure companies based in the United States
have seen a dramatic increase in the number of cyber-security incidents between 2009 and 2011.
ICS-CERT said that in 2009 it received nine incident reports, in 2010 there were 41 incidents and in 2011, the number of attempted cyber
attacks spiked to 198.
ICS-CERT performed 17 onsite assessments during 2009, 2010 and 2011, including seven last year, the institute said; as 11 incidents were typed as having "sophisticated threat actors."
"No intrusions were identified directly into control system networks," the report stated. "However, given the flat and interconnected nature of many of these organization’s networks, threat actors, once they have gained a presence, have the potential to move laterally into other portions of the network, including the control system, where they could compromise critical infrastructure operations."
Meanwhile, the US' Cyber Command chief said that the country was poorly prepared for serious cyber attacks.
Army General Keith Alexander, who also serves as the Director of the National Security Agency and the Chief of the Central Security Service, recently pegged the United States' cyber-readiness at three, on a scale of 1-10.
The problem of defending the nation from a cyber attack is complicated,
Speaking before the Aspen Institute's annual security forum on Thursday, Alexander said that that matter of cyber-readiness "is not just a question of preparing the Department of Defense or federal networks. Private industry also has to be defended.
"Industry has a variety of capabilities… (and) while networks serving the financial community are well-defended, other sectors need help."
According to Alexander, cyber-security education is key: "We have a great program, it's jointly run by (the National Security Agency and the Department of Homeland Security)
and we are working with over 100 different colleges and universities to set up an information assurance/cyber security portfolio."
He added that the Department of Defense, in concert with agencies like the Department of Homeland Security and the Federal Bureau of Investigation, works together with industry to secure network devices.
The general stress that while "several nations are capable of serious cyber attacks… Anyone who finds vulnerabilities in the network infrastructure could cause tremendous problems."
"The key is having a defensible capability that can survive that first onslaught," Alexander said.
- Receive Ynetnews updates
directly to your desktop