Concepts to Analyze the Vulnerability of Critical Infrastructures-Taking Into Account Cybernetics (original) (raw)
Related papers
Analyzing the Cyber Risk in Critical Infrastructures
Issues on Risk Analysis for Critical Infrastructure Protection [Working Title]
Information and communication technology (ICT) plays an important role in critical infrastructures (CIs). Some ICT-based services are in itself critical for the functioning of society while other ICT elements are essential for the functioning of critical processes within CIs. Moreover, many critical processes within CIs are monitored and controlled by industrial control systems (ICS) also referred to as operational technology (OT). In line with the CI-concept, the concept of critical information infrastructure (CII) is introduced comprising both ICT and OT. It is shown that CIIs extend beyond the classical set of CIs. The risk to society due to inadvertent and deliberate CI/CII disruptions has increased due to the interrelation, complexity, and dependencies of CIs and CIIs. The cyber risk due to threats to and vulnerabilities of ICT and OT is outlined. Methods to analyze the cyber risk to CI and CII are discussed at both the organization, national, and the service chain levels. Cybe...
Handbook of Research on Cybersecurity Risk in Contemporary Business Systems, 2023
Protecting networks that are part of industrial control systems (ICS), such as supervisory control and data acquisition (SCADA) systems, is a significant issue that affects public health as well as public safety and national security. Industrial control systems such as the SCADA systems that manage our electrical grids, oil pipelines, and water distribution systems remain vulnerable to cyber-attacks from different directions through various technologies in the U.S. It is essential to understand that the security of critical infrastructure goes far beyond the scope of cybersecurity. Qualitative interviews with subject matter experts were used to discover the best practices for protecting these systems.
Security is essential in protecting confidential data, especially in Supervisory Control and Data Acquisition (SCADA) systems which monitor and control national critical infrastructures, such as energy, water and communications. Security controls are implemented to prevent attacks that could destroy or damage critical infrastructures. Previous critical infrastructure surveys point out the gaps in knowledge, including the lack of coordination between sectors, inadequate exchange of information, less awareness and engagement in government critical infrastructure protection (CIP) programs. Consequently, private sector and government organizations feel less prepared. This paper highlights existing vulnerabilities, provides a list of previous attacks, discusses existing cyber security methodologies and provides a framework aiming to improve security in SCADA systems to protect them against cyber-attacks.
SCADA Systems Cyber Security for Critical Infrastructures
International Journal of Cyber Warfare and Terrorism, 2016
Past cyber-attacks on Supervisory Control and Data Acquisition (SCADA) Systems for Critical infrastructures have left these systems compromised and caused financial and economic problems. Deliberate attacks have resulted in denial of services and physical injury to the public in certain cases. This study explores the past attacks on SCADA Systems by examining nine case studies across multiple utility sectors including transport, energy and water and sewage sector. These case studies will be further analysed according to the cyber-terrorist decision-making theories including strategic, organisational and psychological theories based on McCormick (2000). Next, this study will look into cyber-terrorist capabilities in conducting attacks according to Nelson's (1999) approach that includes simple-unstructured, advance-structured and complex-coordinated capabilities. The results of this study will form the basis of a guideline that organisations can use so that they are better prepare...
A Holistic Approach for Cyber Assurance of Critical Infrastructure with the Viable System Model
IFIP Advances in Information and Communication Technology, 2014
Industrial Control Systems (ICSs) are of the most important components of National Critical Infrastructure. They can provide control capabilities in complex systems of critical importance such as energy production and distribution, transportation, telecoms etc. Protection of such systems is the cornerstone of essential service provision with resilience and in timely manner. Effective risk management methods form the basis for the protection of an Industrial Control System. However, the nature of ICSs render traditional risk management methods insufficient. The proprietary character and the complex interrelationships of the various systems that form an ICS, the potential impacts outside its boundaries, along with emerging trends such as the exposure to the Internet, necessitate revisiting traditional risk management methods, in a way that treat an ICS as a system-of-systems rather than a single, one-off entity. Towards this direction, in this paper we present enhancements to the traditional risk management methods at the phase of risk assessment, by utilising the cybernetic construct of the Viable System Model (VSM) as a means towards a holistic view of the risks against Critical Infrastructure. For the purposes of our research, utilising VSM's recursive nature, we model the Supervisory Control and Data Acquisition (SCADA) system, a most commonly used ICS, as a VSM and identify the various assets, interactions with the internal and external environment, threats and vulnerabilities.
SCADA SYSTEM VULNERABILITY AND THREAT TO CRITICAL INFRASTRUCTURE
Abstract—Supervisory Control and Data Acquisition (SCADA) systems are deeply ingrained in the fabric of critical infrastructure sectors. These computerized realtime process control systems, over geographically dispersed continuous distribution operations, are increasingly subject to serious damage and disruption by cyber means due to their standardization and connectivity to other networks. However, SCADA systems generally have little protection from the escalating cyber threats. In order to understand the potential danger and to protect SCADA systems, this project is to study the possible vulnerabilities of SCADA system and to present a set of security oriented goals.
CYBER WARFARE AND CRITICAL INFRASTRUCTURE SECURITY
PowerGen Europe 2017 Conference, Cologne-GERMANY, 2017
The need to access to the information in a fast and reliable way has become an inevitable and urgent requirement within the scope of technological advances. Both the need of accessing to the information and the necessity to protect the information from malware and attackers, emphasize once more that the information security and cyber defense should be underlined with great attention. Today, the number of the systems, which do not interact with IT infrastructure, is quite insignificant. Critical infrastructures are managed centrally by using IT infrastructure. Security of critical infrastructures has become a main problem on its own. The notion of cyber-attacks is generally perceived as premeditated disruptive activities against computer networks, computer programs and data to create chaos and impair functioning infrastructures. Despite significant investment in technology and infrastructure, cyber-attacks represent one of the greatest challenges in information security. Cyber-attacks primarily pose threats to Internet-based applications and can disable a country’s power or other assets, which are connected to the Internet. By penetrating computer systems that control the energy and other basic services in a country, cyber-attacks can bring down a national service, causing serious cascading effects to create chaos and destabilize a country. Cyber-attacks do not pose a direct threat to infrastructures that are completely isolated from the internet but these infrastructures may be vulnerable to cyber sabotage (e.g. manual importing of virus). With this article, importance of the information and critical infrastructure security and cyber defense will be discussed by proposing solutions against cyber-attacks and possible cyber-attacks regarding the preventive enterprise applications and security of critical infrastructures like power generation and SCADA systems.
Features of Ensuring Cybersecurity of the Critical Infrastructure of the State
Theoretical and Applied Cybersecurity, 2020
One of the most important tasks of national security in modern conditions is to ensure the security and stable functioning of critical infrastructure of the state. Control systems are an integral and most vulnerable part of critical infrastructure facilities. This determines the importance of ensuring they are protected from destructive cyber actions. Destructive cyber actions in it is accompanied, as a rule, by chain effects and synergistic effects that systematically influence and cover all other spheres of the life of society and the state, both in ordinary and, especially, in critical conditions. The authors systematically and comprehensively analyzed and presented in the article the results of investigations of the features of destructive cyber actions in the critical infrastructure of state, counteracting them and protecting from them.
Quantification of the Impact of Cyber Attack in Critical Infrastructures
Lecture Notes in Computer Science, 2014
In this paper we report on a recent study of the impact of cyberattacks on the resilience of complex industrial systems. We describe our approach to building a hybrid model consisting of both the system under study and an Adversary, and we demonstrate its use on a complex case study-a reference power transmission network (NORDIC 32), enhanced with a detailed model of the computer and communication system used for monitoring, protection and control. We studied the resilience of the modelled system under different scenarios: i) a base-line scenario in which the modelled system operates in the presence of accidental failures without cyber-attacks; ii) scenarios in which cyber-attacks can occur. We discuss the usefulness of our findings and outline directions for further work.
Cyber Attacks on Critical Infrastructure
Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance, 2015
We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities o...