Cyber attackers whacked US industrial controls hundreds of times last year

Something to think about in the emerging era of intelligent, internet-connected lighting: Cyber attackers compromised US industrial control systems at least 245 times last year, according to the Department of Homeland Security.

The breaches did not target lighting systems per se. But they signaled the possibility that hackers could either take down lighting or use lighting networks to ride into other data and operations within an organisation, now that digital lighting is beginning to tie other systems through integrated controls and networks.

In 38 per cent of the cases, neither Homeland nor the victimised company could identify how the intruder entered.

'The majority of incidents were categorized as having an "unknown" access vector,' the department's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said in its newsletter. 'In these instances, the organization was confirmed to be compromised; however, forensic evidence did not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network.'

Infiltrators used more than seven access methods in the 62 per cent of the cases where ICS-CERT was able to identify the hole. The most common technique was 'network scanning/probing', which perpetrators used 22 per cent of the time. Other tricks included 'spear phishing' (bogus emails that request information), 'weak authentication', 'abuse of access authority', 'removable media', 'SQL injection', and 'brute force invasion'.

ICS-CERT's mission is to reduce risks in 'critical infrastructure sectors.' It monitors a wide breadth of industries including energy, communications, commercial facilities, chemicals, 'critical manufacturing', defence, financial, food and agriculture, IT, transportation, water and others.

Companies in the energy sector incurred 32 per cent of the attacks, the most of any sector, ICS-CERT said. The 245 incidents came in the US fiscal year from Oct 1, 2014 through last Sepember.

The numbers are the latest reminder that smart lighting schemes cannot ignore cyber security. Earlier this year a porous smart TV  provided a similar lesson.

--

Photo is from Panptys via Shutterstock