Water systems were close behind among sectors most targeted, but still saw far fewer attacks compared with 2011. Cyberattacks reported on water plants fell to 19 incidents or 15 percent of last year's total compared with 81 attacks and a 41 percent share of the total when it was the largest single targeted sector in 2011.
Reported attacks on chemical companies also fell from nine to seven. Nuclear power and other facilities, which were in their own category separate from "energy," saw six reported incidents last year compared with 10 in 2011, the ICS-CERT report found.
What the numbers indicate is cyberspies focusing their efforts increasingly on the energy industry and less on everything else, experts say.
"Campaigns are widening to include a successful attack against a key supplier of energy control systems and attempts to compromise a sector security consortium," writes Michael Assante, former chief security officer at the North American Electric Reliability Council, whose member companies run the nations' power grid, in an online comment on the DHS report. "Energy will continue to be an attractive target."
Despite increasing awareness of the threat, companies that rely on computerized systems for production – especially those in the energy sector – have a long way to go to defend themselves against sophisticated cyberspies, who are practically unimpeded in their efforts to map networks, set up digital beachheads inside networks, and steal e-mail, data and passwords, experts in industrial control system security say.