Energy facility cyber incidents rose nearly a third last year, DHS says

Homeland Security received reports of 59 cyber incidents at energy facilities last year, up nearly a third from the year before.

The agency responsible for protecting the nation from cybercrime said in a new report this week it worked to mitigate 290 incidents last year across more than a dozen industries that rely on computer controls to run industrial sites, including manufacturing sites, power generation facilities, refineries, chemical plants and nuclear facilities.

It found more than a quarter of these intrusions originated from so-called spear phishing emails that hackers use to trick people into downloading infected attachments or clicking on virus-laden links. More than one in 10 came from network probing and scanning.

“Every year, adversaries develop increasingly sophisticated attacks against control system networks,” Homeland Security’s Industrial Control Systems Cyber Emergency Response Team said. “There is no way to know what cybersecurity threats 2017 will bring, but we do know that new threats will emerge.”

The increased number of intrusions into energy computer controls last year brings the number of such incidents in the industry to more than 400 since 2011, Homeland Security data show.

Related: Energy industry’s controls provide an alluring target for cyberattacks

Security specialists say that’s likely a conservative number because energy companies aren’t required to report cyberattacks to the U.S. government.

Also, the vast majority oil and gas companies lack the technology and personnel to constantly monitor operational systems for anomalous activity, leaving them without means to detect intrusions when they happen, federal cyber security officials and private security specialists say. In past years, Homeland Security has admitted it doesn’t know where most cyberattacks against critical U.S. assets originate.

Related: Cybersecurity experts easily infiltrate energy companies’ networks