A new research brief highlights findings from a newly developed dataset of 130 cyberattacks against critical infrastructure worldwide dating back to 2009. The United States was the country most often targeted for cyberattacks regardless of motive, accounting for more than 19 percent of the incidents in the dataset.
The first-of-its-kind Significant Multi-Domain Incidents against Critical Infrastructure (SMICI) dataset was collected using only publicly available information and informs an ongoing effort to better understand adversaries’ multi-domain behavior and motivations. To be included in the dataset, attacks had to have originated from cyberspace, targeted a critical infrastructure sector and have been either a disruptive cyber-physical incident – an attack that has a direct effect in the physical space – or a disruptive cyber-operational incident – an attack that has an effect in the cyber realm which causes disruptions in the physical space.
The critical infrastructure sectors most commonly targeted by malicious state actors in the cyber realm were the energy (40%), transportation (19%) and critical manufacturing (17%) sectors. Of the attributed state malicious actors, Russia accounted for 60% of attacks, North Korea accounted for 20% of attacks and Iran accounted for 12% of the attacks.
By comparison, non-state malicious actors most commonly committed cyberattacks against the communications (43%), energy (29%), transportation (14%) and water (14%) sectors.