Do you know that The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives)?
Do you know in 2016 , two nuclear powerplan in Belgium were locked down by terrorist?
Do you know that on 17-18 December 2016 Ukraine power blackout because cyberattack on powerplan system?
Terrorist attacking workstations and Supervisory Control and Data Acquisition (SCADA) systems. Cyber-attacks (by cyber terrorist or cyber-warframe that international conflicts) against Critical Infrastructures are gaining steam. Because stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations cyber-attack is the preferred method of attack.
Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of country and the well-being of its citizens.
The following sectors and industries are widely considered to be critical infrastructure:
| Sectors | Industries |
| Energy | • Electricity
• Natural gas • Oil |
| Information and Communication Technology (ICT) | • Telecommunications (including satellites)
• Broadcasting systems • Software, hardware and networks (including the Internet) |
| Traffic and transportation | • Shipping
• Aviation • Rail transport • Road traffic • Logistics |
| Healthcare | • Healthcare
• Medicines and vaccines • Laboratories |
| Water supply | • Dams
• Storage • Treatment and distribution networks |
| Finance and insurance | • Banks
• Stock exchanges • Insurance companies • Financial services |
| Government and administration | • Government
• Parliament • Legal institutions • Emergency services |
| Nutrition and agriculture | • Food trade
• Agriculture |
| Media and cultural assets | • Radio
• Press • Symbolic buildings |
Source : National Infrastructure Protection Plan (NIPP), p. 109: U.S. Department of Homeland Security.
Cyber-attack or cyber-threat on Critical Infrastructure (CI) it have various type, but usually may include :
- Manipulate system or data – such as malware that exploit vulnerabilities in computer software and hardware components necessary for operation of CI’s;
- Shutdown crucial system – such as DDoS attacks;
- Limit access to crucial systems or information – such as through ransomware attack.
While interconnected and integrated computerized control system have significantly streamlined the way in which CIs operated and increased connectivity that mean also increase the attack surface and therefore expose Cis to a high risk of manipulation. There is table of threat in Industrial Control System :
| No. | Threat | Explanation |
| 1 | Unauthorized use of remote maintenance access points | Maintenance access points are deliberately created external entrances to the ICs network and are often insufficiently secure |
| 2 | Online attacks via office or enterprise networks | Office IT is usually linked to the network in several ways.
In most case, network connection from offices to the ICS network also exist, so attacker can gain access via this route. |
| 3 | Attacks on standard components used in the Cis network | Standard IT components (commercial off-the-shelf) such as systems software, application servers or databases often contain flaws or vulnerabilities, which can be exploited by attackers. If these standard components are also used in the ICs network, the risk of a successful attack on the ICs network increases. |
| 4 | DDoS attacks | Distributed Denial of Services attacks can impair network connection and essential resources and cause systems to fail – in order to disrupt the operation of ICs, for instance. |
| 5 | Human error and sabotage | Intentional deeds – whether by internal or external perpretators – are a massive threat to all protection targets. Negligence and human error are also a great threat, especially in relation to the protection targets confidentiality and availability. |
| 6 | Introducing malware via removable media and external hardware | The use of removable media and mobile IT components of external staff always entails great risk of malware infection. |
| 7 | Reading and writing news in the ICs network | Most control components currently use clear text protocols, so communication is unprotected. This makes it relativelyeasy to read and introduce control commands. |
| 8 | Unauthorized access to resources | Internal perpetrators and subsequent attacks following initial external penetration have it especially easy if services and components in the process network do not utilize authentication methods or if the methods are insecure. |
| 9 | Attacks on network components | Attacekrs can manipulate network component in order to carry out man-in-the-middle attacks or to make sniffing easier, for example. |
| 10 | Technical Malfunctions or force majeure | Outage resulting from extreame weather or technical malfunctions can occur at any time – risk and potential damage can only be minimazes in such cases. |
Source : OSCE 2013
Bims.
Thank you for another informative blog. The place else could
I get that type of info written in such an ideal way? I’ve a challenge that I
am simply now running on, and I’ve been at the glance out for such information.
This is the perfect site for anybody who wishes to find out about this topic.
You know a whole lot its almost hard to argue with you (not that I really will need to…HaHa).
You definitely put a new spin on a topic that has been discussed for ages.
Wonderful stuff, just great!
Oh my goodness! Incredible article dude! Thank you, However I am having issues
with your RSS. I don’t understand why I cannot subscribe to it.
Is there anybody having similar RSS issues?
Anyone that knows the solution will you
kindly respond? Thanks!!
Valuable info. Fortunate me I found your site
by accident, and I am surprised why this twist of fate did not took place earlier!
I bookmarked it.
obviously like your web-site however you need to test the spelling on several of your posts.
Many of them are rife with spelling issues and I to find it very bothersome to inform the
truth nevertheless I will certainly come again again.
Undeniably believe that that you stated. Your favourite reason appeared to be on the web the simplest thing to keep
in mind of. I say to you, I certainly get irked at the
same time as folks consider concerns that they plainly do not realize about.
You managed to hit the nail upon the highest and also
defined out the whole thing with no need side-effects , folks can take a signal.
Will probably be again to get more. Thank you
Thanks for the auspicious writeup. It actually was a enjoyment account it.
Glance complicated to far brought agreeable from you!
By the way, how can we keep in touch?
Hello There. I discovered your blog the usage of msn. That is a very neatly written article.
I will make sure to bookmark it and come back to read extra of your helpful info.
Thank you for the post. I will definitely comeback.
Fastidious answer back in return of this matter with genuine arguments
and telling all concerning that.
I appreciate, lead to I discovered just what I used to be taking a look for.
You’ve ended my 4 day long hunt! God Bless
you man. Have a great day. Bye
There’s certainly a great deal to find out about this subject.
I really like all of the points you’ve made.
What’s up mates, how is all, and what you wish for to say on the
topic of this article, in my view its really amazing for
me.
I just like the helpful information you provide in your articles.
I will bookmark your blog and check again right here regularly.
I’m moderately sure I’ll learn lots of new stuff right right
here! Good luck for the following!
I am extremely impressed along with your writing talents and also with the format for your weblog.
Is that this a paid theme or did you modify it yourself?
Either way stay up the excellent high quality writing, it’s rare to peer a great blog like this one these days..
Wow, that’s what I was searching for, what a stuff!
existing here at this blog, thanks admin of this site.
Right here is the right web site for anybody who would like to understand
this topic. You understand so much its almost hard to argue with
you (not that I actually would want to…HaHa). You definitely put a new spin on a subject that has been discussed for decades.
Great stuff, just wonderful!
Spot on with this write-up, I absolutely believe this amazing site needs a great deal more attention.
I’ll probably be back again to see more, thanks for the info!
Greetings! I know this is kind of off topic
but I was wondering if you knew where I could get a
captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having difficulty finding one?
Thanks a lot!
Wow that was odd. I just wrote an really long comment but after I clicked
submit my comment didn’t show up. Grrrr… well I’m not writing all that over again. Anyhow, just wanted to say great blog!
It’s amazing designed for me to have a web site, which is useful for my experience.
thanks admin