According to Reuters, late on Friday, the Department of Homeland Security (“DHS”) and the FBI issued a warning in a report, sent to firms at risk of an attack, that critical infrastructure industries may have been targeted in cyber-attacks as far back as May. The identified industries include nuclear, energy, aviation, water, critical manufacturing industries and government entities. The report indicates that hackers successfully compromised data at some of these targets. Further, the government believes that the attacks are ongoing.
This warning comes just one week after the State of Connecticut’s Chief Cybersecurity Risk Officer, Arthur H. House, released the first annual cybersecurity report on four of the state’s public utility providers. The report details the results of the cybersecurity reviews of Eversource Energy, Avangrid, Connecticut Water Company and Aquarian Water Company and concludes that the utility companies take cybersecurity risks seriously. These four utility companies agreed to participate in the annual reviews and continue to work with state officials and DHS to assess the cybersecurity defense for critical infrastructure. According to the report, the utility companies “have improved [their] defense capabilities during the past year in personnel/employee awareness and skills, focused programs and targeted capital investment.”
In addition to noting marked improvement in defense strategies, the report also identifies the areas that require continued and constant vigilance: malware unleashed by spear phishing attacks and third-party vendor management. For more information on third-party vendor management, please see our earlier article.