RISI reports water/wastewater cyber-incidents up sharply

March 30, 2010

SELLERSVILLE, Pa. – The number of control system security incidents in the water and wastewater industry rose sharply in 2009 according The Security Incidents Organization. The findings were published today in the "2009 Annual Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems."

The report is a detailed analysis of all incidents recorded up to December 31, 2009, in the Repository of Industrial Security Incidents (RISI). RISI is an industry-wide repository for collecting, analyzing and sharing high-value information regarding cyber security incidents that directly affect SCADA, manufacturing and process control systems.

At the time of publication, there were 175 confirmed incidents in the database. The analysis determined where and when the incidents occurred. It also identified the types of incidents and the threat factors that executed them and the methods and techniques used to gain entry. Results achieved versus the results that were attempted and the financial and operational impacts on the "victims" were included as well.

The body of the report provides detailed analyses of the incident data and compares recent data to historical data to identify shifts or trends of interest to the reader. A section of the report is dedicated solely to incidents occurring in 2009, including brief case studies for all incidents reported in during that time. The report also includes, for the first time, an overview of industrial control system vulnerabilities reported in 2009 courtesy of Critical-Intelligence, Inc.

A significant shift has been observed in the incident rates by industry over the past five years. RISI has observed an overall decline in the incident rate in the petroleum and chemical industries (over 80%), but an increase in the incident rate in the water and wastewater (over 300%) and the power and utilities industries (30%).

Despite a decline in recent years, the vast majority of control system cyber security incidents (almost 50%) reported by RISI have been caused by malware, including viruses, worms and trojans. However, incidents involving unauthorized access or sabotage perpetrated by internal sources -- such as a disgruntled former employee or contractor who uses inside knowledge or access privileges to cause harm to the company -- are up considerably in the same time period comparison. Also on the rise are incidents where network anomalies induced failures in control system equipment.