By Jennifer Martinez - 07/03/12 03:27 PM EDT
Companies that operate critical infrastructure systems have reported a sharp rise in cybersecurity incidents over a three-year period, according to a new report from an arm of the Department of Homeland Security.
Companies reported 198 cyber incidents in 2011, up from 41 incidents in 2010 and just nine in 2009, the report said. The rise in reported incidents comes as the Senate is gridlocked on legislation that would require operators of critical infrastructure to meet new cybersecurity standards.
The bulk of the cybersecurity incidents in 2011 were reported by companies in the water sector, accounting for about 41 percent of the incidents submitted to the department’s cyber emergency response team for industrial control systems, known as ICS-CERT. Companies in the energy sector accounted for 33 percent and 44 percent of the reported incidents in 2009 and 2010, respectively.
But not every potential cyberattack resulted in assistance from the department.
Just seven of the 198 reported cyber incidents received onsite support from the department in 2011. Two of the incidents reported by companies received onsite support in 2009 and eight did in 2010.
Of the cases that received support, so-called spearphishing attacks were the most common way hackers compromised the critical infrastructure systems. Spearphishing tricks people into clicking on malware-infected emails that appear to be sent from someone they know.
Lieberman’s cybersecurity bill has received criticism from a group of Senate Republicans who argue that it would burden private sector companies with additional regulations. Sens. John McCain (R-Ariz.) and Kay Bailey Hutchison (R-Texas), sponsors of a rival cybersecurity measure, have also taken issue with Lieberman’s bill designating DHS as the lead agency in charge of the nation’s cybersecurity efforts.
A bipartisan compromise effort spearheaded by Sens. Jon Kyl (R-Ariz.) and Sheldon Whitehouse (D-R.I.) is under way to find a middle ground between the two pieces of cybersecurity legislation, but it is unclear at this point whether it will reach fruition.