Evaluating the effects of cyber-attacks on critical infrastructures in the context of Tallinn Manual
Related papers
Protecting Critical Assets and Infrastructures from Cyber Attacks
The impact of computer and communications systems in recent decades has not bypassed the national security of states in general, and the State of Israel in particular. Most systems in developed societies rely on computer and information infrastructures, and this growing dependence on information and communication technologies means that a blow to computers and information flow processes is liable to disrupt, paralyze, and sometimes even cause substantive physical damage to essential systems. Computer-based capabilities and their near-global ubiquity expose states to harm in cyberspace by various elements, including hostile countries, terrorist organizations, criminal elements, and even individuals driven by personal challenges or anarchist motives. The threat is particularly acute as management, control, and monitoring systems can be disrupted through changes to a computer program, and no physical attack is needed. Thus, it stands to reason that the face of future conflicts will be transformed beyond recognition. The strength of a sovereign state is a function of economic, societal, and scientific strength combined with military strength, and the purpose of the military strength is to protect the state's territory and its citizens so that they can cultivate and maintain economic strength. The vulnerability of computers and communications systems to cyber attacks entails a dramatic change in the concept of military strength. For the first time, it is possible to mortally wound national economic strength by paralyzing economic and civilian systems without using firepower and force maneuvers. Thus, the ability of states to operate in cyberspace for...
Dr. Col. (ret.) Gabi Siboni is head of the Military and Strategic Affairs Program at INSS and head of the Cyber Warfare Program at INSS, supported by the Philadelphia-based Joseph and Jeanette Neubauer Foundation.
Analyzing the Cyber Risk in Critical Infrastructures
Issues on Risk Analysis for Critical Infrastructure Protection [Working Title]
Information and communication technology (ICT) plays an important role in critical infrastructures (CIs). Some ICT-based services are in themselves critical for the functioning of society, while other ICT elements are essential for the functioning of critical processes within CIs. Moreover, many critical processes within CIs are monitored and controlled by industrial control systems (ICS), also referred to as operational technology (OT). In line with the CI concept, the concept of critical information infrastructure (CII) is introduced, comprising both ICT and OT. It is shown that CIIs extend beyond the classical set of CIs. The risk to society due to inadvertent and deliberate CI/CII disruptions has increased due to the interrelation, complexity, and dependencies of CIs and CIIs. The cyber risk due to threats to and vulnerabilities of ICT and OT is outlined. Methods to analyze the cyber risk to CI and CII are discussed at the organization, national, and service chain levels. Cybe...
Features of Ensuring Cybersecurity of the Critical Infrastructure of the State
Theoretical and Applied Cybersecurity, 2020
One of the most important tasks of national security in modern conditions is to ensure the security and stable functioning of the critical infrastructure of the state. Control systems are an integral and most vulnerable part of critical infrastructure facilities. This determines the importance of ensuring they are protected from destructive cyber actions. Destructive cyber actions in it are accompanied, as a rule, by chain effects and synergistic effects that systematically influence and cover all other spheres of the life of society and the state, both in ordinary and, especially, in critical conditions. The authors systematically and comprehensively analyzed and presented in the article the results of investigations of the features of destructive cyber actions in the critical infrastructure of the state, counteracting them and protecting from them.
Cyber Attacks: Emerging Threats to the 21st Century Critical Information Infrastructures
Obrana a strategie (Defence and Strategy), 2012
The paper explores the notion of cyber attack as a concept for understanding modern conflicts. It starts by elaborating a conceptual theoretical framework, observing that when it comes to cyber attacks, cyber war and cyber defense there are no internationally accepted definitions on the subject, mostly because of the relative recency of the terms. The second part analyzes the cyber realities of recent years, emphasizing the most advertised cyber attacks in the international mass media: Estonia (2007) and Georgia (2008), with a focus on two main lessons learned: how complicated it is to define a cyber war and how difficult it is to defend against it. Crucial implications for the world's countries and the role of NATO in assuring an effective collective cyber defense are analyzed in the third part. The need for the development of strategic cyber defense documents (e.g. NATO Cyber Defense Policy, NATO Strategic Concept) is further examined. It is suggested that particular attention should be pa...
CYBER WARFARE AND CRITICAL INFRASTRUCTURE SECURITY
PowerGen Europe 2017 Conference, Cologne-GERMANY, 2017
The need to access information in a fast and reliable way has become an inevitable and urgent requirement within the scope of technological advances. Both the need to access information and the necessity to protect it from malware and attackers emphasize once more that information security and cyber defense deserve great attention. Today, the number of systems that do not interact with IT infrastructure is quite insignificant. Critical infrastructures are managed centrally by using IT infrastructure. Security of critical infrastructures has become a main problem on its own. The notion of cyber-attacks is generally perceived as premeditated disruptive activities against computer networks, computer programs and data to create chaos and impair functioning infrastructures. Despite significant investment in technology and infrastructure, cyber-attacks represent one of the greatest challenges in information security. Cyber-attacks primarily pose threats to Internet-based applications and can disable a country’s power or other assets that are connected to the Internet. By penetrating computer systems that control the energy and other basic services in a country, cyber-attacks can bring down a national service, causing serious cascading effects to create chaos and destabilize a country. Cyber-attacks do not pose a direct threat to infrastructures that are completely isolated from the internet, but these infrastructures may be vulnerable to cyber sabotage (e.g. manual importing of a virus). In this article, the importance of information and critical infrastructure security and cyber defense will be discussed by proposing solutions against cyber-attacks and possible cyber-attacks regarding the preventive enterprise applications and security of critical infrastructures like power generation and SCADA systems.
Cyber Security of Critical Infrastructures in Smart Cities, 2019
The smart city is a trending topic that many researchers from different disciplines are interested in. Even though it is supposed to be a study field of public administration, it also has technical dimensions which are focused on by researchers from engineering sciences. On the other hand, there is a security dimension of smart cities which has a boundary that includes multidisciplinary contributions. The security of cities has been an essential issue throughout the ages, but with the emergence of smart cities, the development of internet and communication technologies, and as a consequence of the interconnection of critical infrastructures in smart cities, a new dimension of security has emerged as the headline of security studies. This headline is cyber security. This study aims to investigate cyber security issues in smart cities, particularly focusing on critical infrastructures, and presents a recommendatory model for providing cyber security of critical infrastructures in smart cities.
Cyber Interdependencies in Critical Infrastructure
As the United States critical infrastructure becomes more dependent on computer-networked systems, the threat and risk of a massive cyber-attack can bring it all crashing down. As critical infrastructure leaders have implemented supervisory control and data acquisition (SCADA) systems, the risk of a full-scale cyber-attack is a real threat. The US government and private industry must be vigilant in ensuring that systems with connections to the internet cannot be compromised by terrorists or enemy nations. With a vast majority of the US population completely reliant upon all facets of the critical infrastructure for survival, it is imperative that the 16 critical infrastructure sectors are protected physically and in cyberspace. Nation states such as China, Russia, Iran and North Korea are constantly bombarding the US and her allies through cyber-attacks. There are those who doubt the abilities of terrorists to attack the critical infrastructure and key resources, stating that terrorists lack the intellect and resources to coordinate an attack of this level. While this may be true now, it is not to say they are not planning for it in the future. Prime targets for terrorism usually include inflicting as many casualties as possible on large groups of people to incite fear into a population. However, this is a very primitive method of forcing ideals upon one's enemy. If they really want influence on the world stage, carrying out and executing a cyber-attack on the US critical infrastructure may do this, and with a computer, an internet connection and a determined person that knows how to use them they could execute mass chaos on the US. With the help of nation states such as Iran, they could do this and take the blame rather than the country taking the blame. The new battlefield has been set; it is not fought with tanks, aircraft, bombs, and guns, it is fought in cyberspace.
National Security 2.0: The Cyber Security of Critical Infrastructure
Perceptions: Journal of International Affairs, 2022
Thanks to technological advancements in recent years, critical infrastructure has become both irreplaceable for modern social life and highly vulnerable. Safe, effective and efficient management of critical infrastructure is a sign of a state's social welfare and economic development. Ensuring the security of critical infrastructure is essential for national security, and is becoming ever more dependent on network technology. Indeed, providing for the cybersecurity of critical infrastructure, i.e., protecting it from cyber attack, is the chief goal of modern states' cybersecurity strategy. The present study aims to reveal the importance of ensuring the cybersecurity of critical infrastructure within the scope of national security. First, the relationship between the concept of national security and cyber threats is scrutinized from a realist perspective. The interaction of the critical infrastructure concept and cybersecurity is then analyzed from a theoretical and technical point of view. In addition to official documents published by the United States, which has the world's most advanced cybersecurity infrastructure, the study includes definitions of related concepts published by Turkey, a country that has made significant progress in recent years in terms of the cybersecurity of its critical infrastructure.
Cybersecurity for Infrastructure: A Critical Analysis
Florida State University Law Review, 2017
Nations and their citizens rely on infrastructures. Their incapacitation or destruction could prevent nations from protecting themselves from threats, cause substantial economic harm, and even result in the loss of life. Therefore, safeguarding these infrastructures is an obvious strategic task for any sovereign state. While the need to protect critical infrastructures (CIs) is far from novel, digitization brings new challenges as well as increased cyber-risks. This need is self-evident; yet, the optimal policy regime is debatable. The United States and other nations have thus far opted for very light regulation, merely encouraging voluntary steps while choosing to intervene only in a handful of sectors. Over the past few years, several novel laws and regulations addressing this emerging issue have been legislated. Yet, the overall trajectory of limited regulatory intervention has not changed. With that, the wisdom of such a limited regulatory framework must be revisited and possibly reconsidered. This Article fills an important gap in the legal literature by contributing to and promoting this debate on cyber-risk regulation of CIs, while mapping out the relevant rights, options, and interests this ‘critical’ debate entails and setting forth a regulatory blueprint that balances the relevant factors and considerations. The Article begins in Part II by defining CIs and cyber risks and explaining why cyber risk requires a reassessment of CI protection strategies. Part III describes the means used by the United States and several other nations to address cyber risks of CIs. Part IV examines a market-based approach with minimal governmental intervention to critical infrastructure cyber-regulation, along with the various market failures, highlighting assorted minimal measures to correct these problems. 
It further examines these limited forms of regulation, which merely strive to bridge information and expertise barriers, assign ex post liability for security-related harms, or provide other specific incentives — and finds them all insufficient. Part V continues the normative evaluation of CI cyber-protection models, focusing on ex ante approaches, which require more intrusive government involvement in terms of setting and enforcing standards. It discusses several concerns with this regulatory strategy, including the lack of governmental expertise, regulatory capture, compromised rights, lack of transparency, and the centralization of authority. Finally, in Part VI, the Article proposes a blueprint for CI cyber protection that goes beyond the mere voluntary regulatory strategy applied today.