April 4, Network World – (National) DHS: America’s water and power utilities under daily cyber-attack. America’s water and energy utilities face constant cyberespionage and denial-of-service attacks against industrial-control systems, according to the team of specialists from the U.S. Department of Homeland Security (DHS) who are called to investigate the worst cyber-related incidents at these utilities, Network World reported April 4. Out of the 17 fly-away trips taken in 2011 by DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to assist utilities in network and forensics analysis, 7 of the security incidents originated as spear-phishing attacks via e-mail against utility personnel. An ICS-CERT leader said 11 of the 17 incidents were very “sophisticated,” signaling a well-organized “threat actor.” She said DHS believes that in 12 of the 17 cases, if only the compromised utility had been able to practice the most basic type of network security for corporate and industrial control systems, they would likely have detected or fended off the attack. One of the basic problems observed at utilities is that “a lot of folks are using older systems previously not connected to the Internet,” she said. Another ICS-CERT leader said the count of “incident tickets” related to reported incidents at water and power-generating utilities is going up. While only 9 incidents were reported in 2009, in 2011 this grew to 198 incident tickets. Just over 40 percent came from water-sector utilities, with the rest from various energy, nuclear energy, and chemical providers. He said in many cases the attacks do not seem to be coming directly through the Internet via Internet Service Providers, for example, but are often traced to outside companies that provide services to the attacked utilities, raising the question of compromises there.