Do you know that The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives)?
Do you know in 2016 , two nuclear powerplan in Belgium were locked down by terrorist?
Do you know that on 17-18 December 2016 Ukraine power blackout because cyberattack on powerplan system?
Terrorist attacking workstations and Supervisory Control and Data Acquisition (SCADA) systems. Cyber-attacks (by cyber terrorist or cyber-warframe that international conflicts) against Critical Infrastructures are gaining steam. Because stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations cyber-attack is the preferred method of attack.
Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of country and the well-being of its citizens.
The following sectors and industries are widely considered to be critical infrastructure:
| Sectors | Industries |
| Energy | • Electricity
• Natural gas • Oil |
| Information and Communication Technology (ICT) | • Telecommunications (including satellites)
• Broadcasting systems • Software, hardware and networks (including the Internet) |
| Traffic and transportation | • Shipping
• Aviation • Rail transport • Road traffic • Logistics |
| Healthcare | • Healthcare
• Medicines and vaccines • Laboratories |
| Water supply | • Dams
• Storage • Treatment and distribution networks |
| Finance and insurance | • Banks
• Stock exchanges • Insurance companies • Financial services |
| Government and administration | • Government
• Parliament • Legal institutions • Emergency services |
| Nutrition and agriculture | • Food trade
• Agriculture |
| Media and cultural assets | • Radio
• Press • Symbolic buildings |
Source : National Infrastructure Protection Plan (NIPP), p. 109: U.S. Department of Homeland Security.
Cyber-attack or cyber-threat on Critical Infrastructure (CI) it have various type, but usually may include :
- Manipulate system or data – such as malware that exploit vulnerabilities in computer software and hardware components necessary for operation of CI’s;
- Shutdown crucial system – such as DDoS attacks;
- Limit access to crucial systems or information – such as through ransomware attack.
While interconnected and integrated computerized control system have significantly streamlined the way in which CIs operated and increased connectivity that mean also increase the attack surface and therefore expose Cis to a high risk of manipulation. There is table of threat in Industrial Control System :
| No. | Threat | Explanation |
| 1 | Unauthorized use of remote maintenance access points | Maintenance access points are deliberately created external entrances to the ICs network and are often insufficiently secure |
| 2 | Online attacks via office or enterprise networks | Office IT is usually linked to the network in several ways.
In most case, network connection from offices to the ICS network also exist, so attacker can gain access via this route. |
| 3 | Attacks on standard components used in the Cis network | Standard IT components (commercial off-the-shelf) such as systems software, application servers or databases often contain flaws or vulnerabilities, which can be exploited by attackers. If these standard components are also used in the ICs network, the risk of a successful attack on the ICs network increases. |
| 4 | DDoS attacks | Distributed Denial of Services attacks can impair network connection and essential resources and cause systems to fail – in order to disrupt the operation of ICs, for instance. |
| 5 | Human error and sabotage | Intentional deeds – whether by internal or external perpretators – are a massive threat to all protection targets. Negligence and human error are also a great threat, especially in relation to the protection targets confidentiality and availability. |
| 6 | Introducing malware via removable media and external hardware | The use of removable media and mobile IT components of external staff always entails great risk of malware infection. |
| 7 | Reading and writing news in the ICs network | Most control components currently use clear text protocols, so communication is unprotected. This makes it relativelyeasy to read and introduce control commands. |
| 8 | Unauthorized access to resources | Internal perpetrators and subsequent attacks following initial external penetration have it especially easy if services and components in the process network do not utilize authentication methods or if the methods are insecure. |
| 9 | Attacks on network components | Attacekrs can manipulate network component in order to carry out man-in-the-middle attacks or to make sniffing easier, for example. |
| 10 | Technical Malfunctions or force majeure | Outage resulting from extreame weather or technical malfunctions can occur at any time – risk and potential damage can only be minimazes in such cases. |
Source : OSCE 2013
Bims.
I was extremely pleased to uncover this page. I wanted to
thank you for ones time due to this fantastic read!! I definitely liked every little bit of it and I have you
saved to fav to check out new stuff on your website.
What’s up it’s me, I am also visiting this site daily, this website is actually pleasant
and the users are actually sharing fastidious thoughts.
Hi mates, how is all, and what you want to say on the topic
of this post, in my view its genuinely awesome in support of me.
Ƭhanks for finally writing аbout >Cyberattack ߋn Critical
Infrastructure – Pentesting.іd <Loved it!
It’s very straightforward to find out any matter on net as
compared to books, as I found this paragraph at this
web site.
Hi there! I realize this is kind of off-topic however I needed to
ask. Does managing a well-established blog like yours require a massive amount work?
I’m completely new to running a blog but I do write in my journal on a daily
basis. I’d like to start a blog so I will be able to share my own experience and feelings online.
Please let me know if you have any recommendations or tips for brand new aspiring blog owners.
Thankyou!
Hello There. I found your weblog the usage of msn. That
is a really neatly written article. I’ll make sure to bookmark it and come
back to read extra of your useful information. Thanks for the post.
I’ll definitely return.
It’s an remarkable piece of writing for all the web users; they will get advantage from it I am sure.
I always used to read post in news papers but now as
I am a user of net therefore from now I am using net for articles, thanks to web.
It’s not my first time to visit this web site, i am visiting this
web site dailly and obtain good facts from
here daily.
I every time emailed this webpage post page to all my associates,
as if like to read it after that my links will too.
Your style is so unique in comparison to other folks I’ve read
stuff from. Many thanks for posting when you’ve got the opportunity, Guess I will
just bookmark this site.
Howdy! This article could not be written much
better! Looking at this post reminds me of my previous roommate!
He continually kept talking about this. I’ll
send this information to him. Fairly certain he will
have a very good read. Thanks for sharing!
This is awesome. Thanks for posting. #goodstuff
It’s really very complicated in this active life to listen news on Television, thus I
just use the web for that reason, and get the hottest
information.
Excellent post. I will be experiencing many of these issues as well..
Awesome blog! Do you have any helpful hints for aspiring
writers? I’m planning to start my own site soon but I’m a little lost on everything.
Would you advise starting with a free platform like WordPress or go for a paid option? There are
so many options out there that I’m totally overwhelmed ..
Any recommendations? Cheers!
Do you mind if I quote a few of your articles as long as I provide credit and sources back
to your weblog? My blog site is in the exact same area of interest as yours
and my users would definitely benefit from some of the information you provide here.
Please let me know if this okay with you.
Many thanks!
Hello there, I believe your website may be having web browser compatibility issues.
When I take a look at your blog in Safari, it looks fine however, if opening in IE,
it has some overlapping issues. I simply wanted to provide you with
a quick heads up! Besides that, great blog!
I know this web site presents quality dependent content and extra stuff,
is there any other web site which provides
these information in quality?