The Next Wave | Vol. 19 | No. 4 | 2012

Cyber threats to US infrastructure on the rise

FIGURE 1. The number of cyber incident report tickets and on-site deployments for 2010 and 2011.

The Department of Homeland Security (DHS) Control Systems Security Program manages and operates the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to provide focused operational capabilities for defense of control system environments against emerging cyber threats. ICS-CERT responds to cyber threats that affect organizations that own and operate control systems associated with critical infrastructure and key resources including agriculture and food, banking and finance, chemical, commercial facilities, critical manufacturing, dams, defense industrial base, drinking water and water treatment systems, emergency services, energy, government facilities, information technology, national monuments and icons, nuclear reactors and materials and waste, postal and shipping, public health and healthcare, telecommunications, and transportation systems.

To accomplish this mission, ICS-CERT

    Responds to and analyzes control systems related incidents,

    Conducts vulnerability and malware analysis,

    Provides on-site support for incident response and forensic analysis,

    Provides situational awareness in the form of actionable intelligence,

    Coordinates the responsible disclosure of vulnerabilities/mitigations, and

    Shares and coordinates vulnerability information and threat analysis through information products and alerts.

FIGURE 2. The number of cyber incident reports by sector in 2010.

FIGURE 3. The number of cyber incident reports by sector in 2011.

Companies report cybersecurity incidents to ICS-CERT and request analysis support to help determine the extent of the compromise and gather information about cyber attacks, including the adversary's techniques and tactics. This information helps asset owners evaluate their security posture and take measures to strengthen their control systems and network security. Typical incident response support consists of analysis performed in ICS-CERT's Advanced Analytics Lab (AAL) on digital media, malware, log files, and other artifacts.

Figure 1 illustrates the number of incident report tickets and incident report on-site deployments between 2010 and 2011.

In 2010, 41 incident reports were received. Of the 41, eight resulted in the deployment of on-site response teams. An additional seven incidents involved remote analysis by the AAL.

Figure 2 illustrates the breakout of incidents by sector.

In 2011, ICS-CERT received 198 reports of incidents. Of those 198, seven resulted in the deployment of on-site incident response teams. An additional 21 incidents involved analysis efforts by the AAL to identify malware and techniques used by the threat actors.

Figure 3 displays the sector distribution for all incidents reported in 2011. Incidents specific to the water sector, when added to those that impacted multiple sectors, accounted for over half of the incidents, due to a large number of Internet-facing control system devices reported by independent researchers.

For more information about ICS-CERT, or to report a cybersecurity incident, visit



Date Posted: Jan 15, 2009 | Last Modified: May 9, 2012 | Last Reviewed: May 9, 2012