The number of cyberattacks on the computer systems of power grid and gas pipeline companies rose in 2012, a federal report shows, as cyberspies zeroed in on the energy sector.
Cyberattackers zeroed in on computer systems run by power grid operators and natural gas pipeline companies last year, paying less attention to infiltrating networks belonging to water, chemical, and nuclear facilities, a new federal report shows.
Energy companies were clearly in the cyber bullseye in 2012, targeted in 41 percent of the malicious software attack cases reported to a special Department of Homeland Security (DHS) team that responds to cyberattacks on industrial computer networks.
The overall number of attacks remained flat at 198 incidents for the year, the same as 2011. But energy sector companies reported 82 cyberattacks last year, a sharp increase over the 31 cases reported in 2011, according to a report released last week by DHS's Industrial Control System-Cyber Emergency Response Team (ICS-CERT).
Among those energy-sector cyberattack cases, 23 involved oil and natural gas companies hit by a persistent months-long targeted spear-phishing campaign first reported by the Monitor in May. Also on the upswing were attacks on commercial manufacturing facilities that leaped to 19 last year from 2 in 2011.
Water systems were close behind among sectors most targeted, but still saw far fewer attacks compared with 2011. Cyberattacks reported on water plants fell to 19 incidents or 15 percent of last year's total compared with 81 attacks and a 41 percent share of the total when it was the largest single targeted sector in 2011.
Reported attacks on chemical companies also fell from nine to seven. Nuclear power and other facilities, which were in their own category separate from "energy," saw six reported incidents last year compared with 10 in 2011, the ICS-CERT report found.
What the numbers indicate is cyberspies focusing their efforts increasingly on the energy industry and less on everything else, experts say.