Do you know that The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives)?
Do you know in 2016 , two nuclear powerplan in Belgium were locked down by terrorist?
Do you know that on 17-18 December 2016 Ukraine power blackout because cyberattack on powerplan system?
Terrorist attacking workstations and Supervisory Control and Data Acquisition (SCADA) systems. Cyber-attacks (by cyber terrorist or cyber-warframe that international conflicts) against Critical Infrastructures are gaining steam. Because stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations cyber-attack is the preferred method of attack.
Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of country and the well-being of its citizens.
The following sectors and industries are widely considered to be critical infrastructure:
| Sectors | Industries |
| Energy | • Electricity
• Natural gas • Oil |
| Information and Communication Technology (ICT) | • Telecommunications (including satellites)
• Broadcasting systems • Software, hardware and networks (including the Internet) |
| Traffic and transportation | • Shipping
• Aviation • Rail transport • Road traffic • Logistics |
| Healthcare | • Healthcare
• Medicines and vaccines • Laboratories |
| Water supply | • Dams
• Storage • Treatment and distribution networks |
| Finance and insurance | • Banks
• Stock exchanges • Insurance companies • Financial services |
| Government and administration | • Government
• Parliament • Legal institutions • Emergency services |
| Nutrition and agriculture | • Food trade
• Agriculture |
| Media and cultural assets | • Radio
• Press • Symbolic buildings |
Source : National Infrastructure Protection Plan (NIPP), p. 109: U.S. Department of Homeland Security.
Cyber-attack or cyber-threat on Critical Infrastructure (CI) it have various type, but usually may include :
- Manipulate system or data – such as malware that exploit vulnerabilities in computer software and hardware components necessary for operation of CI’s;
- Shutdown crucial system – such as DDoS attacks;
- Limit access to crucial systems or information – such as through ransomware attack.
While interconnected and integrated computerized control system have significantly streamlined the way in which CIs operated and increased connectivity that mean also increase the attack surface and therefore expose Cis to a high risk of manipulation. There is table of threat in Industrial Control System :
| No. | Threat | Explanation |
| 1 | Unauthorized use of remote maintenance access points | Maintenance access points are deliberately created external entrances to the ICs network and are often insufficiently secure |
| 2 | Online attacks via office or enterprise networks | Office IT is usually linked to the network in several ways.
In most case, network connection from offices to the ICS network also exist, so attacker can gain access via this route. |
| 3 | Attacks on standard components used in the Cis network | Standard IT components (commercial off-the-shelf) such as systems software, application servers or databases often contain flaws or vulnerabilities, which can be exploited by attackers. If these standard components are also used in the ICs network, the risk of a successful attack on the ICs network increases. |
| 4 | DDoS attacks | Distributed Denial of Services attacks can impair network connection and essential resources and cause systems to fail – in order to disrupt the operation of ICs, for instance. |
| 5 | Human error and sabotage | Intentional deeds – whether by internal or external perpretators – are a massive threat to all protection targets. Negligence and human error are also a great threat, especially in relation to the protection targets confidentiality and availability. |
| 6 | Introducing malware via removable media and external hardware | The use of removable media and mobile IT components of external staff always entails great risk of malware infection. |
| 7 | Reading and writing news in the ICs network | Most control components currently use clear text protocols, so communication is unprotected. This makes it relativelyeasy to read and introduce control commands. |
| 8 | Unauthorized access to resources | Internal perpetrators and subsequent attacks following initial external penetration have it especially easy if services and components in the process network do not utilize authentication methods or if the methods are insecure. |
| 9 | Attacks on network components | Attacekrs can manipulate network component in order to carry out man-in-the-middle attacks or to make sniffing easier, for example. |
| 10 | Technical Malfunctions or force majeure | Outage resulting from extreame weather or technical malfunctions can occur at any time – risk and potential damage can only be minimazes in such cases. |
Source : OSCE 2013
Bims.
Wonderful site you have here but I was curious about
if you knew of any discussion boards that cover the same
topics talked about in this article? I’d really like to be a part of group where I
can get comments from other knowledgeable people that share the same interest.
If you have any recommendations, please let me know.
Bless you!
What’s up, all is going well here and ofcourse every one is sharing information, that’s truly
excellent, keep up writing.
Great article! This is the type of information that are supposed to be shared
around the web. Disgrace on the seek engines for not positioning this put up higher!
Come on over and discuss with my web site . Thanks =)
Greetings, I think your blog might be having
browser compatibility problems. When I take a look at your blog in Safari,
it looks fine however when opening in Internet Explorer,
it’s got some overlapping issues. I just wanted to provide you with
a quick heads up! Other than that, excellent blog!
Hey there would you mind letting me know which
hosting company you’re working with? I’ve loaded your blog in 3
completely different internet browsers and I must say this
blog loads a lot faster then most. Can you suggest a good web hosting provider
at a honest price? Thanks, I appreciate it!
You need to be a part of a contest for one of the most useful
sites on the web. I will recommend this blog!
Greetings! I’ve been following your website for a long time now and finally got the
courage to go ahead and give you a shout out from Dallas Tx!
Just wanted to tell you keep up the great work!
Wow, fantastic blog layout! How long have you been blogging for?
you made blogging look easy. The overall look of your web site is great, let alone the content!
Do you have any video of that? I’d want to find out some additional information.
I was recommended this blog by my cousin. I am not sure whether this post is written by him
as no one else know such detailed about my trouble. You are incredible!
Thanks!
Hi, i think that i saw you visited my site thus i came to “return the favor”.I’m attempting to find things
to enhance my site!I suppose its ok to use a few of your ideas!!
You’re so interesting! I don’t think I’ve truly read anything
like that before. So good to discover someone with some genuine thoughts on this subject matter.
Really.. thanks for starting this up. This web site is one thing
that is required on the internet, someone with some originality!
Because the admin of this site is working, no question very quickly it will be famous, due to its quality contents.
Great blog you’ve got here.. It’s difficult to find high quality writing like yours nowadays.
I seriously appreciate people like you! Take care!!
I’m extremely inspired along with your writing skills and also with the
layout on your blog. Is that this a paid topic or did
you modify it your self? Either way stay up the nice high quality writing, it’s uncommon to look
a great weblog like this one these days..
After I originally commented I appear to have clicked the -Notify me when new comments are added- checkbox and now each time a comment is added I receive four emails with the exact same comment.
Is there an easy method you can remove me from that service?
Thanks a lot!
Thank you, I have just been searching for info approximately this subject for a long time and yours
is the best I have discovered till now. However, what in regards to the bottom line?
Are you certain in regards to the supply?
I think this is among the most vital information for me.
And i’m glad reading your article. But want to
remark on few general things, The web site style is great, the articles is really excellent : D.
Good job, cheers
Fantastic site you have here but I was curious about if you knew of any user discussion forums that cover the same topics discussed here?
I’d really like to be a part of group where I can get comments from other
knowledgeable individuals that share the same interest.
If you have any suggestions, please let me know.
Thanks a lot!
A person necessarily help to make severely articles I might state.
This is the very first time I frequented your web page and up to now?
I amazed with the analysis you made to create this actual post amazing.
Wonderful process!