DHS Raises Alarm Over Cyberattacks on Critical Infrastructure
Private companies in the energy industry, as well as those providing critical infrastructure services like electricity and water, have been put on notice -- watch out for possible cyberattacks focusing on sabotage, not theft. The U.S. government issued the warning after noticing a recent rise in probes of company networks. Those attempts mostly came from the Middle East.
05/13/13 2:15 PM PT
The U.S. Department of Homeland Security (DHS) has warned American companies involved with energy and infrastructure operations to be on their guard against cyberattacks.
The warning was issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which works to help protect critical infrastructure.
Although U.S. companies are under constant cyberattack by criminals and state-sponsored hackers attempting to steal their intellectual property, this latest warning is about attackers who might seek to take over or sabotage the control systems of their targets.
More About the Warning
The warning, issued late last week, was probably meant more as a general reminder for possible targets to remain alert than as an indication of a specific attack, Dwayne Melancon, chief technology officer at Tripwire, told TechNewsWorld.
The possible attack is likely aimed at the energy and distribution sectors, he said.
ICS-CERT "is generally very good at getting targeted information, but now it's so vague that it's just a general warning," Melancon said. "From what I can tell, there doesn't seem to be a specific enough threat for people to say 'Lock your doors this way.' My interpretation is, they might have picked up some back-channel chatter that indicates something might be coming down."
The DHS "continually collaborates with public and private sector partners to coordinate mitigation strategies in response to any and all cyberthreats and to reduce impacts to our nation's critical infrastructure," DHS spokesperson Robert Hopkins told TechNewsWorld.
The Call of the Desert
Hackers in the Middle East and North Africa launched a cyberattack last week dubbed #OpUSA, according to global intelligence and forecasting firm Langley Intelligence Group Network, which consists of a group of former CIA, intelligence and U.S. national security officers.
It's not clear whether this is the threat that ICS-CERT is referring to in its warning.
However, since last year, there has been increased concern among government officials and within the private sector about the possibility of cyberattacks being launched from countries in the Middle East, especially from Iran.
In August, a malware attack called Shamoon that originated in the Middle East disrupted the network of Saudi Aramco with a virus.
The DHS did not discuss the possibility that the latest threat may have originated in the Middle East.
Who Is ICS-CERT?
ICS-CERT works with law enforcement and the intelligence community to reduce risks within and across all critical infrastructure sectors in the U.S.. It coordinates efforts among federal, state, local and trial governments, and control systems owners, operators and vendors. It also collaborates with international and private sector computer emergency response teams to share information on control systems-related security incidents and mitigation measures.
ICS-CERT helped several critical infrastructure entities battle intrusions from cyberthreats in March and April. Last year, it responded to 177 incidents, completed 89 site assistance visits and deployed 15 teams with US-CERT to respond to significant private sector cyber incidents.
Keeping Critical Infrastructure Safe
The latest alert from ICS-CERT is apparently in line with the DHS's policy of sharing cyberthreat information with private and public sector partners, as well as critical infrastructure owners and operators.
"Protecting critical infrastructure and cyberspace against growing and evolving threats is a daily activity that requires a layered approach, leveraging a full range of partners," the DHS's Hopkins said.
ICS-CERT "has got a lot more vocal about specifics around threats," Tripwire's Melancon said. "It used to be everything they said was in their secure portal, and now they're starting to broadcast a lot more, which is a good step -- it's getting more open and more free in distributing information about threats. But if it's a vague warning that says 'be aware of the issues', effectively all you're doing is telling people not to forget to practice good security hygiene."