Do you know that The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives)?
Do you know in 2016 , two nuclear powerplan in Belgium were locked down by terrorist?
Do you know that on 17-18 December 2016 Ukraine power blackout because cyberattack on powerplan system?
Terrorist attacking workstations and Supervisory Control and Data Acquisition (SCADA) systems. Cyber-attacks (by cyber terrorist or cyber-warframe that international conflicts) against Critical Infrastructures are gaining steam. Because stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations cyber-attack is the preferred method of attack.
Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of country and the well-being of its citizens.
The following sectors and industries are widely considered to be critical infrastructure:
| Sectors | Industries |
| Energy | • Electricity
• Natural gas • Oil |
| Information and Communication Technology (ICT) | • Telecommunications (including satellites)
• Broadcasting systems • Software, hardware and networks (including the Internet) |
| Traffic and transportation | • Shipping
• Aviation • Rail transport • Road traffic • Logistics |
| Healthcare | • Healthcare
• Medicines and vaccines • Laboratories |
| Water supply | • Dams
• Storage • Treatment and distribution networks |
| Finance and insurance | • Banks
• Stock exchanges • Insurance companies • Financial services |
| Government and administration | • Government
• Parliament • Legal institutions • Emergency services |
| Nutrition and agriculture | • Food trade
• Agriculture |
| Media and cultural assets | • Radio
• Press • Symbolic buildings |
Source : National Infrastructure Protection Plan (NIPP), p. 109: U.S. Department of Homeland Security.
Cyber-attack or cyber-threat on Critical Infrastructure (CI) it have various type, but usually may include :
- Manipulate system or data – such as malware that exploit vulnerabilities in computer software and hardware components necessary for operation of CI’s;
- Shutdown crucial system – such as DDoS attacks;
- Limit access to crucial systems or information – such as through ransomware attack.
While interconnected and integrated computerized control system have significantly streamlined the way in which CIs operated and increased connectivity that mean also increase the attack surface and therefore expose Cis to a high risk of manipulation. There is table of threat in Industrial Control System :
| No. | Threat | Explanation |
| 1 | Unauthorized use of remote maintenance access points | Maintenance access points are deliberately created external entrances to the ICs network and are often insufficiently secure |
| 2 | Online attacks via office or enterprise networks | Office IT is usually linked to the network in several ways.
In most case, network connection from offices to the ICS network also exist, so attacker can gain access via this route. |
| 3 | Attacks on standard components used in the Cis network | Standard IT components (commercial off-the-shelf) such as systems software, application servers or databases often contain flaws or vulnerabilities, which can be exploited by attackers. If these standard components are also used in the ICs network, the risk of a successful attack on the ICs network increases. |
| 4 | DDoS attacks | Distributed Denial of Services attacks can impair network connection and essential resources and cause systems to fail – in order to disrupt the operation of ICs, for instance. |
| 5 | Human error and sabotage | Intentional deeds – whether by internal or external perpretators – are a massive threat to all protection targets. Negligence and human error are also a great threat, especially in relation to the protection targets confidentiality and availability. |
| 6 | Introducing malware via removable media and external hardware | The use of removable media and mobile IT components of external staff always entails great risk of malware infection. |
| 7 | Reading and writing news in the ICs network | Most control components currently use clear text protocols, so communication is unprotected. This makes it relativelyeasy to read and introduce control commands. |
| 8 | Unauthorized access to resources | Internal perpetrators and subsequent attacks following initial external penetration have it especially easy if services and components in the process network do not utilize authentication methods or if the methods are insecure. |
| 9 | Attacks on network components | Attacekrs can manipulate network component in order to carry out man-in-the-middle attacks or to make sniffing easier, for example. |
| 10 | Technical Malfunctions or force majeure | Outage resulting from extreame weather or technical malfunctions can occur at any time – risk and potential damage can only be minimazes in such cases. |
Source : OSCE 2013
Bims.
Great article, totally what I was looking for.
At this time I am going to do my breakfast, after having my breakfast coming
yet again to read more news.
Pretty! This has been an extremely wonderful post.
Thank you for providing these details.
Hi, I do believe this is a great site. I stumbledupon it
😉 I may come back once again since i have bookmarked it.
Money and freedom is the greatest way to change, may you be rich and continue to help
others.
Do you mind if I quote a couple of your posts as long as I provide credit and sources back to your
site? My blog site is in the exact same area of interest as yours and my users would
really benefit from some of the information you present here.
Please let me know if this okay with you. Thank you!
Whats up this is somewhat of off topic but I was wanting to know if blogs use WYSIWYG
editors or if you have to manually code with HTML. I’m starting a
blog soon but have no coding skills so I wanted to get guidance from someone with experience.
Any help would be enormously appreciated!
After looking into a handful of the blog posts on your website, I truly
like your way of writing a blog. I added it to my bookmark webpage list and will be checking back in the near future.
Please visit my web site as well and tell me how you feel.
Hello There. I found your blog using msn. This is a really well written article.
I will make sure to bookmark it and come back to read more of your useful info.
Thanks for the post. I’ll certainly return.
You actually make it seem so easy with your presentation but I find this matter to be actually something
which I think I would never understand. It seems too complicated
and very broad for me. I’m looking forward for your next post, I’ll try to get the hang of it!
I am not certain where you’re getting your information, but
good topic. I needs to spend some time learning more or figuring out more.
Thanks for wonderful info I was looking for this information for
my mission.
Its like you learn my thoughts! You seem to know a lot
approximately this, such as you wrote the book in it or something.
I believe that you simply can do with some p.c. to power the message home
a bit, however other than that, that is magnificent blog.
A great read. I will definitely be back.
Thank you for the auspicious writeup. It if truth be told used to be a entertainment account
it. Look advanced to more introduced agreeable from you!
However, how could we communicate?
Spot on with this write-up, I honestly feel this site needs much more attention. I’ll probably be back again to read more, thanks for the info!
Thank you for the auspicious writeup. It in reality was a
amusement account it. Look complex to far brought agreeable from you!
By the way, how could we keep in touch?
Wow, superb blog layout! How long have you been blogging for?
you make blogging look easy. The overall look of your web site is
great, let alone the content!
It is not my first time to visit this web site, i am visiting this website dailly and get pleasant data from here everyday.
Very good post. I will be experiencing many of these issues as well..
Thank you for sharing your info. I really appreciate your efforts and I am waiting for your
further post thank you once again.
I was curious if you ever considered changing the layout of your blog?
Its very well written; I love what youve got to say. But maybe you could a little more
in the way of content so people could connect with
it better. Youve got an awful lot of text for only having 1 or two pictures.
Maybe you could space it out better?
Great post. I was checking constantly this weblog and I’m
inspired! Extremely helpful info specifically the ultimate phase 🙂 I deal with such information a lot.
I was seeking this certain information for a long time.
Thank you and best of luck.