U.S. official sees more cyber attacks on industrial control systems

A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture. REUTERS / Kacper Pempel / Files

By Jim Finkle

MIAMI (Reuters) – A U.S. government cyber security official warned that authorities have seen an increase in attacks that penetrate industrial control system networks over the past year, and said the systems are vulnerable because they are exposed to the Internet.

Industrial control systems are computers that control operations of industrial processes, from energy plants and steel mills to cookie factories and breweries.

“We see more and more that are gaining access to that control system layer,” said Marty Edwards, who runs the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

ICS-CERT helps U.S. firms investigate suspected cyber attacks on industrial control systems as well as corporate networks.

Interest in critical infrastructure security has surged since late last month when Ukraine authorities blamed a power outage on a cyber attack from Russia, which would make it the first known power outage caused by a cyber attack.

Experts attending the S4 conference of some 300 critical infrastructure security specialists in Miami said the incident has caused U.S. firms to ask whether their systems are vulnerable to similar incidents.

Edwards said he believed the increase in attacks was mainly because more control systems are directly connected to the Internet.

“I am very dismayed at the accessibility of some of these networks… they are just hanging right off the tubes,” he said in an on-stage interview with conference organizer Dale Peterson.

Edwards did not say whether those attacks had caused any service disruptions or threatened public safety.

Sean McBride, a critical infrastructure analyst with iSight Partners who attended the talk, said the increase may reflect more publicity in recent years over the risks of cyber attacks, which prompted operators to find more infections.

McBride said he could not say if the increase was troubling because he did not know the intent of the attackers.

Edwards and a DHS spokesman declined to elaborate on his comments.

ICS-CERT said in an alert this week that it had identified malware used in the attack in Ukraine as BlackEnergy 3, a variant of malware that the agency said in 2014 had infected some U.S. critical infrastructure operators.

A DHS official said on Tuesday that government investigators have not confirmed whether the BlackEnergy malware caused the Ukraine incident.

“At this time there is no definitive evidence linking the power outage in Ukraine with the presence of the malware,” said the official, who was not authorized to discuss the matter publicly.

Edwards did not discuss the Ukraine attack during his talk.

(Reporting by Jim Finkle in Miami; Editing by Leslie Adler)
