Critical infrastructure commonly hit by destructive cyber attacks, survey reveals

Critical infrastructure organisations are commonly targeted by cyber attacks aimed at manipulating equipment or destroying data, a survey reveals

Critical infrastructure organisations are commonly targeted by cyber attacks that are aimed at manipulating equipment or destroying rather than stealing data, a survey has revealed.

This type of attack is often under the radar as it does not typically involve the personal data of customers and is therefore not reported under data breach disclosure laws in the US and elsewhere.

But the survey report by the Organization of American States (OAS) and security firm Trend Micro revealed that 44% of more than 500 critical infrastructure suppliers in North and South America report attempts to delete files. By contrast, only 60% of organisations polled said they had detected attempts to steal data.

The data gathered also revealed that 53% of the respondents noticed an increase in attacks on their computer systems in 2014, and 76% stated that cyber attacks against infrastructure are getting more sophisticated.

Almost a third of the respondents were public entities, with communications, security and finance being the most heavily represented industries.

Some 40% of organisations polled said they had experienced attempts to shut down their computer networks and 54% reported attempts to manipulate their equipment through a control system.

However, the survey does not provide details of what proportion of the attempted attacks were successful or resulted in any damage.

To date, the Shamoon malware attack on Saudi Aramco in August 2012 and the computer-killing malware attack on Sony Pictures in November 2014 are the best known cases of destructive cyber attacks.

The attack on Sony Pictures was linked to North Korea and led to the imposition of fresh sanctions on the country by the US.

Earlier in April 2015, US president Barack Obama formalised this type of response by signing an executive order establishing a framework for the US to impose sanctions on foreign cyber attackers.

He said the sanctions would apply to those engaged in malicious cyber activity that aims to harm critical infrastructure, damage computer systems and steal trade secrets or sensitive information.

A cyber security wake-up call 

Trend Micro chief cyber security officer Tom Kellermann said the Americas research should serve as a wake-up call that critical infrastructures have become a prime target for cyber criminals.

“These groups have escalated their attacks by leveraging destructive campaigns against the infrastructures of the Western Hemisphere,” he said.

Kellermann said Trend Micro hopes the findings will serve as a catalyst to motivate and encourage necessary change.

OAS Inter-American Committee against Terrorism executive secretary Neil Klopfenstein said governments in the Americas and around the world must recognise the serious vulnerabilities inherent to critical infrastructure and the potential for grave consequences if not properly secured.

“From electrical grids and water treatment plants, to oil exploration, fossil fuel supplies and transportation, these systems are vital to virtually every element of society,” he said.

"This report reinforces a need to continue strengthening protection of critical infrastructures in our member states, while collaborating and sharing information so as to collectively address these issues and foster a secure and resilient cyber space for government, businesses and citizens in the region."

Organisations must act now to protect critical infrastructure

Responding to the OAS survey results, Chris McIntosh, chief executive at communications firm ViaSat UK, said the high proportion of destructive attacks reported should raise a warning flag for UK critical infrastructure suppliers.

He said the OAS survey also underlines 2013 research by ZPryme on smart grids that showed more than half of infrastructure providers in the US believed electrical networks were insecure, while 57% expected attacks against infrastructure to both increase in frequency and expand further into both IT and operations technology systems.

“Other industries might present tempting targets for theft, yet the main attraction of critical national infrastructure will always be the opportunity to cause damage – whether from nations or other actors looking to damage their rivals, or criminals essentially holding services to ransom,” said McIntosh.

“Ironically, modernising critical infrastructure networks has made them more vulnerable. While previously attacking national energy or resource infrastructure would have involved compromising dedicated communication networks, modern networks are both part of the internet and include more direct connections with end users, making them more vulnerable than ever,” he said.

According to McIntosh, cyber attacks have developed to such a sophisticated level that they should now be considered as likely or even more likely than physical attacks on infrastructure.

“Organisations need to act now to protect the network and address the unique nature of interconnected real-time control systems. To avoid this risk, critical infrastructure companies need to review their entire IT systems from top to bottom; ensuring there are no unprotected points of entry for potential attackers and that all points of access are secured,” he said.

McIntosh believes that encryption of data in transit and rigorous authentication protocols should become standard practice and that organisations should work on the assumption that they have already been compromised.
