Do you know that The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives)?
Do you know in 2016 , two nuclear powerplan in Belgium were locked down by terrorist?
Do you know that on 17-18 December 2016 Ukraine power blackout because cyberattack on powerplan system?
Terrorist attacking workstations and Supervisory Control and Data Acquisition (SCADA) systems. Cyber-attacks (by cyber terrorist or cyber-warframe that international conflicts) against Critical Infrastructures are gaining steam. Because stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations cyber-attack is the preferred method of attack.
Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of country and the well-being of its citizens.
The following sectors and industries are widely considered to be critical infrastructure:
| Sectors | Industries |
| Energy | • Electricity
• Natural gas • Oil |
| Information and Communication Technology (ICT) | • Telecommunications (including satellites)
• Broadcasting systems • Software, hardware and networks (including the Internet) |
| Traffic and transportation | • Shipping
• Aviation • Rail transport • Road traffic • Logistics |
| Healthcare | • Healthcare
• Medicines and vaccines • Laboratories |
| Water supply | • Dams
• Storage • Treatment and distribution networks |
| Finance and insurance | • Banks
• Stock exchanges • Insurance companies • Financial services |
| Government and administration | • Government
• Parliament • Legal institutions • Emergency services |
| Nutrition and agriculture | • Food trade
• Agriculture |
| Media and cultural assets | • Radio
• Press • Symbolic buildings |
Source : National Infrastructure Protection Plan (NIPP), p. 109: U.S. Department of Homeland Security.
Cyber-attack or cyber-threat on Critical Infrastructure (CI) it have various type, but usually may include :
- Manipulate system or data – such as malware that exploit vulnerabilities in computer software and hardware components necessary for operation of CI’s;
- Shutdown crucial system – such as DDoS attacks;
- Limit access to crucial systems or information – such as through ransomware attack.
While interconnected and integrated computerized control system have significantly streamlined the way in which CIs operated and increased connectivity that mean also increase the attack surface and therefore expose Cis to a high risk of manipulation. There is table of threat in Industrial Control System :
| No. | Threat | Explanation |
| 1 | Unauthorized use of remote maintenance access points | Maintenance access points are deliberately created external entrances to the ICs network and are often insufficiently secure |
| 2 | Online attacks via office or enterprise networks | Office IT is usually linked to the network in several ways.
In most case, network connection from offices to the ICS network also exist, so attacker can gain access via this route. |
| 3 | Attacks on standard components used in the Cis network | Standard IT components (commercial off-the-shelf) such as systems software, application servers or databases often contain flaws or vulnerabilities, which can be exploited by attackers. If these standard components are also used in the ICs network, the risk of a successful attack on the ICs network increases. |
| 4 | DDoS attacks | Distributed Denial of Services attacks can impair network connection and essential resources and cause systems to fail – in order to disrupt the operation of ICs, for instance. |
| 5 | Human error and sabotage | Intentional deeds – whether by internal or external perpretators – are a massive threat to all protection targets. Negligence and human error are also a great threat, especially in relation to the protection targets confidentiality and availability. |
| 6 | Introducing malware via removable media and external hardware | The use of removable media and mobile IT components of external staff always entails great risk of malware infection. |
| 7 | Reading and writing news in the ICs network | Most control components currently use clear text protocols, so communication is unprotected. This makes it relativelyeasy to read and introduce control commands. |
| 8 | Unauthorized access to resources | Internal perpetrators and subsequent attacks following initial external penetration have it especially easy if services and components in the process network do not utilize authentication methods or if the methods are insecure. |
| 9 | Attacks on network components | Attacekrs can manipulate network component in order to carry out man-in-the-middle attacks or to make sniffing easier, for example. |
| 10 | Technical Malfunctions or force majeure | Outage resulting from extreame weather or technical malfunctions can occur at any time – risk and potential damage can only be minimazes in such cases. |
Source : OSCE 2013
Bims.
Keep on working, great job!
Remarkable issues here. I’m very glad to peer your post.
Thank you so much and I’m taking a look ahead to touch you.
Will you please drop me a e-mail?
Wow, awesome weblog layout! How long have you been running a blog
for? you made blogging look easy. The overall look of your site is magnificent, as well as the content
material!
Valuable information. Fortunate me I found your web site by accident,
and I am shocked why this twist of fate didn’t happened earlier!
I bookmarked it.
It’s going to be ending of mine day, except before finish I am reading
this enormous article to increase my know-how.
What’s Going down i’m new to this, I stumbled upon this I have
discovered It absolutely useful and it has aided me out loads.
I hope to give a contribution & help other customers like its aided me.
Good job.
Excellent post. I am dealing with some of these issues
as well..
Very energetic article, I liked that a lot.
Will there be a part 2?
Thanks a bunch for sharing this with all people you actually recognize what you are talking
about! Bookmarked. Kindly also visit my website =).
We can have a link exchange agreement between us
Oh my goodness! Amazing article dude! Many thanks, However I am going through issues with your RSS.
I don’t know the reason why I cannot subscribe to it.
Is there anyone else having identical RSS issues?
Anybody who knows the answer will you kindly respond? Thanx!!
Good day! I know this is somewhat off topic but I was wondering if you knew where I could locate a captcha plugin for
my comment form? I’m using the same blog platform as yours and I’m having difficulty finding one?
Thanks a lot!
Excellent weblog right here! Additionally your web site lots up
very fast! What host are you the use of? Can I get your affiliate link in your host?
I want my website loaded up as quickly as yours lol
What’s up colleagues, its impressive post concerning tutoringand completely explained, keep it up all the time.
Hello There. I found your weblog the usage of msn. This is a very smartly written article.
I’ll make sure to bookmark it and return to learn more of your useful info.
Thanks for the post. I’ll definitely return.
Thank you for some other magnificent post. The place else may anyone get that type
of information in such an ideal manner of writing? I have a presentation next week, and I am at the
search for such info.
Hello! I’m at work surfing around your blog from my new iphone 3gs!
Just wanted to say I love reading through your blog and look forward
to all your posts! Keep up the outstanding work!
I am really loving the theme/design of your blog.
Do you ever run into any browser compatibility problems? A couple
of my blog audience have complained about my website not working
correctly in Explorer but looks great in Safari. Do you have any advice to help fix this issue?
Thanks very interesting blog!
Undeniably believe that which you stated. Your favorite reason appeared
to be on the net the easiest thing to be aware of. I
say to you, I definitely get irked while people consider worries that they plainly
do not know about. You managed to hit the nail upon the top as
well as defined out the whole thing without having side effect ,
people can take a signal. Will probably be back to get more.
Thanks
Hi there! This post couldn’t be written any better! Reading through this post reminds me of my
good old room mate! He always kept chatting about this.
I will forward this post to him. Fairly certain he will have
a good read. Thank you for sharing!