KEY POINTS 

  • Critical infrastructure, such as dams, hospitals, and power grids, are becoming increasingly vulnerable to cyber attacks. As critical infrastructure companies connect their industrial control systems to the internet to reap the benefits of the Internet of Things (IoT) — like increased efficiency and cost savings — hackers are finding more opportunities to conduct attacks. 
  • The number of attacks on industrial control systems in the US is growing. Critical infrastructure companies reported 295 cyber attacks on their industrial control systems in 2015, up from 245 incidents in 2014. Industrial control systems are software automation systems that control various industrial machines and collect data from them. 
  • Hacks that take down critical infrastructure can cause enormous damage. In the US, a cyber attack against the power grid for the East Coast could cost up to $1 trillion, according to insurer Lloyd's.
  • A cyber hack of a power grid in the Ukraine last year demonstrates the glaring need for companies to implement best practices in securing their industrial control systems. The hackers used tools and tactics — such as spearphishing campaigns and stealing credentials through Virtual Private Networks — that other attackers could replicate.
  • Companies that operate critical infrastructure must secure their industrial control systems against highly targeted attacks, especially as they connect their systems to the internet. Measures to prevent an attack of this magnitude include training staff, patching software vulnerabilities, and monitoring networks for suspicious activity.

  

Critical Infrastructure Hacks On The Rise

On December 23, 2015, hackers caused a blackout that affected more than 200,000 people in Western Ukraine. This was the first blackout ever recorded that resulted from a cyber attack. Although the attack stood out for the damage it caused, it also pointed to a growing trend of hackers targeting the industrial control systems that operate critical infrastructure.

Industrial control systems are software automation systems that control various industrial machines and collect data from them. Two of the most common types of industrial control systems:

  • Supervisory command and data acquisition (SCADA) systems are used for remote monitoring and automating from geographically dispersed devices. Data from these devices is collected at a central terminal that processes the data and then sends automated commands back to the devices based on the data. These are frequently used for controlling power grids, public transportation systems, and water distribution systems.
  • Distributed control systems [...]