Companies see spike in cyberattacks on critical infrastructure systems

Companies that operate critical infrastructure systems have reported a sharp rise in cybersecurity incidents over a three-year period, according to a new report from an arm of the Department of Homeland Security.

Companies reported 198 cyber incidents in 2011, up from 41 incidents in 2010 and just nine in 2009, the report said. The rise in reported incidents comes as the Senate is gridlocked on legislation that would require operators of critical infrastructure to meet new cybersecurity standards.

ADVERTISEMENT
The report could provide fodder for lawmakers looking to move Sen. Joe Lieberman’s (I-Conn.) cybersecurity bill to the floor. The bill has been waiting for floor time since it was introduced in February, but Senate Majority Leader Harry ReidHarry Mason ReidDonald Trump is delivering on his promises and voters are noticing Danny Tarkanian wins Nevada GOP congressional primary McConnell cements his standing in GOP history MORE (D-Nev.) has repeatedly said he plans to act on the measure this year.

The bulk of the cybersecurity incidents in 2011 were reported by companies in the water sector, accounting for about 41 percent of the incidents submitted to the department’s cyber emergency response team for industrial control systems, known as ICS-CERT. Companies in the energy sector accounted for 33 percent and 44 percent of the reported incidents in 2009 and 2010, respectively.

But not every potential cyberattack resulted in assistance from the department.

Just seven of the 198 reported cyber incidents received onsite support from the department in 2011. Two of the incidents reported by companies received onsite support in 2009 and eight did in 2010.

Of the cases that received support, so-called spearphishing attacks were the most common way hackers compromised the critical infrastructure systems. The hacking method prompts people to click on malware-infected emails that appear to be sent from someone they know.

Lieberman’s cybersecurity bill has received criticism from a group of Senate Republicans who argue that it would burden private sector companies with additional regulations. Sens. John McCainJohn Sidney McCainDonald Trump is delivering on his promises and voters are noticing The Memo: Trump’s media game puts press on back foot Meghan McCain shreds Giuliani for calling Biden a 'mentally deficient idiot' MORE (R-Ariz.) and Kay Bailey Hutchison (R-Texas), sponsors of a rival cybersecurity measure, have also taken issue with Lieberman’s bill designating DHS as the lead agency in charge of the nation’s cybersecurity efforts.

A bipartisan compromise effort spearheaded by Sens. Jon Kyl (R-Ariz.) and Sheldon WhitehouseSheldon WhitehouseGAO to look into Trump's reduction of carbon social costs Overnight Energy: Pruitt used security detail to run errands | Dems want probe into Pruitt's Chick-fil-A dealings | Yellowstone superintendent says he was forced out Dems seek watchdog probe into Pruitt’s Chick-fil-A dealings MORE (D-R.I.) is under way to find a middle ground between the two pieces of cybersecurity legislation, but it is unclear at this point if it will reach fruition.