The Transportation and water and waste water industry sectors endured large increases in the number of reported cyber security incidents in recent years; 160 percent and 60 percent respectively, a new report said.
One of the true barometers of the cyber health of the manufacturing automation industry, the Repository for Industrial Security Incidents (RISI) database published the 2013 Annual Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems.
RISI is an industry-wide repository for collecting, analyzing and sharing information regarding cyber security incidents that directly affect industrial control and supervisory control and data acquisition (SCADA) systems. Industrial automation system suppliers, end-users and international government agencies and research institutes have relied on RISI since 2009 to provide them with insight into the trends affecting ICS security.
ICS and SCADA security have been serious concerns for more than a decade, but have come under increased scrutiny following the discovery of the Stuxnet virus in 2010, the Duqu virus in 2011 and the Shamoon virus in 2012. All of these viruses specifically targeted industrial control systems.
The 2013 Annual Report includes detailed analysis of the 240 incidents recorded in the RISI database ranging from 2001 through the end of 2012.
The analysis identifies where and when the incidents occurred while also identifying the types of incidents and the threat agents that executed them, including the methods and techniques used to gain entry. The financial and operational impacts on the “victims” also undergo analysis.
The report also includes detailed results and analysis from the second annual RISI Control System Security Benchmark Survey.
The survey data provides insight into the current state of control system security, especially when compared with the data regarding actual incidents.
In one case, RISI data indicates 33 percent of all ICS security incidents were the result of remote access. This data gain support with 48 percent of survey respondents reporting remote access to the controls systems ends up allowed at their facilities.