Cyberattacks against US critical manufacturers have nearly doubled – DHS

© Ints Kalnins
Cyberattacks on the United States’ critical manufacturing sector nearly doubled in fiscal year 2015, according to a report by the Department of Homeland Security.

The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, or IS-CERT, is responsible for helping American companies investigate attacks on their networks or industrial control systems that automate factory processes. The agency said in a report released earlier this week that it investigated 97 incidents at “critical manufacturers” that occurred during the year ending September 30.

Critical manufacturing includes makers of vehicles, transportation equipment and aviation equipment, as well as producers of machinery, metals and electrical equipment.

“This increase over previous years … is primarily related to a widespread spear-phishing campaign that primarily targeted critical manufacturing companies,” DHS said in its report.

The 97 cyberattacks on critical manufacturing only form about a third of the total number of incidents the agency responded to. ICS-CERT said it responded to 295 incidents from any sector during that period, a 20 percent increase from the previous fiscal year.

After critical manufacturing, the energy sector saw the second-highest number of cyberattacks, followed by wastewater systems with 25 and transportation with 23, according to the report.
The nature of the attacks is unclear, and the report did not include information on whether any of incidents led to data theft or damaged the affected networks.

Shortly before the report was released, however, ICS-CERT chief Marty Edwards said during a Wednesday industry conference that some of the attacks could have been facilitated by networks being connected to the internet.

“I am very dismayed at the accessibility of some of these networks," Edwards said, according to Reuters. "They are just hanging right off the tubes."