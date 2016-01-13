MIAMI Jan 13 A U.S. government cyber security
official warned that authorities have seen an increase in
attacks that penetrate industrial control system networks over
the past year, and said they are vulnerable because they are
exposed to the Internet.
Industrial control systems are computers that control
operations of industrial processes, from energy plants and steel
mills to cookie factories and breweries.
"We see more and more that are gaining access to that
control system layer," said Marty Edwards, who runs the
Department of Homeland Security's Industrial Control Systems
Cyber Emergency Response Team, or ICS-CERT.
ICS-CERT helps U.S. firms investigate suspected cyber
attacks on industrial control systems as well as corporate
networks.
Interest in critical infrastructure security has surged
since late last month when Ukraine authorities blamed a power
outage on a cyber attack from Russia, which would make it the
first known power outage caused by a cyber attack.
Experts attending the S4 conference of some 300 critical
infrastructure security specialists in Miami said the incident
has caused U.S. firms to ask whether their systems are
vulnerable to similar incidents.
Edwards said he believed the increase in attacks was mainly
because more control systems are directly connected to the
Internet.
"I am very dismayed at the accessibility of some of these
networks... they are just hanging right off the tubes," he said
in an on-stage interview with conference organizer Dale
Peterson.
Edwards did not say whether those attacks had caused any
service disruptions or threatened public safety.
Sean McBride, a critical infrastructure analyst with iSight
Partners who attended the talk, said the increase may reflect
more publicity in recent years over risks over cyber attacks,
which prompted operators to find more infections.
McBride said he could not say if the increase was troubling
because he did not know the intent of the attackers.
Edwards and a DHS spokesman declined to elaborate on his
comments.
ICS-CERT said in an alert this week that it had identified
malware used in the attack in Ukraine as BlackEnergy 3, a
variant of malware that the agency said in 2014 had infected
some U.S. critical infrastructure operators.
A DHS official said on Tuesday that government investigators
have not confirmed whether the BlackEnergy malware caused the
Ukraine incident.
"At this time there is no definitive evidence linking the
power outage in Ukraine with the presence of the malware," said
the official, who was not authorized to discuss the matter
publicly.
Edwards did not discuss the Ukraine attack during his talk.
(Reporting by Jim Finkle in Miami; Editing by Leslie Adler)