Do you know that The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives)?
Do you know in 2016 , two nuclear powerplan in Belgium were locked down by terrorist?
Do you know that on 17-18 December 2016 Ukraine power blackout because cyberattack on powerplan system?
Terrorist attacking workstations and Supervisory Control and Data Acquisition (SCADA) systems. Cyber-attacks (by cyber terrorist or cyber-warframe that international conflicts) against Critical Infrastructures are gaining steam. Because stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations cyber-attack is the preferred method of attack.
Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of country and the well-being of its citizens.
The following sectors and industries are widely considered to be critical infrastructure:
| Sectors | Industries |
| Energy | • Electricity
• Natural gas • Oil |
| Information and Communication Technology (ICT) | • Telecommunications (including satellites)
• Broadcasting systems • Software, hardware and networks (including the Internet) |
| Traffic and transportation | • Shipping
• Aviation • Rail transport • Road traffic • Logistics |
| Healthcare | • Healthcare
• Medicines and vaccines • Laboratories |
| Water supply | • Dams
• Storage • Treatment and distribution networks |
| Finance and insurance | • Banks
• Stock exchanges • Insurance companies • Financial services |
| Government and administration | • Government
• Parliament • Legal institutions • Emergency services |
| Nutrition and agriculture | • Food trade
• Agriculture |
| Media and cultural assets | • Radio
• Press • Symbolic buildings |
Source : National Infrastructure Protection Plan (NIPP), p. 109: U.S. Department of Homeland Security.
Cyber-attack or cyber-threat on Critical Infrastructure (CI) it have various type, but usually may include :
- Manipulate system or data – such as malware that exploit vulnerabilities in computer software and hardware components necessary for operation of CI’s;
- Shutdown crucial system – such as DDoS attacks;
- Limit access to crucial systems or information – such as through ransomware attack.
While interconnected and integrated computerized control system have significantly streamlined the way in which CIs operated and increased connectivity that mean also increase the attack surface and therefore expose Cis to a high risk of manipulation. There is table of threat in Industrial Control System :
| No. | Threat | Explanation |
| 1 | Unauthorized use of remote maintenance access points | Maintenance access points are deliberately created external entrances to the ICs network and are often insufficiently secure |
| 2 | Online attacks via office or enterprise networks | Office IT is usually linked to the network in several ways.
In most case, network connection from offices to the ICS network also exist, so attacker can gain access via this route. |
| 3 | Attacks on standard components used in the Cis network | Standard IT components (commercial off-the-shelf) such as systems software, application servers or databases often contain flaws or vulnerabilities, which can be exploited by attackers. If these standard components are also used in the ICs network, the risk of a successful attack on the ICs network increases. |
| 4 | DDoS attacks | Distributed Denial of Services attacks can impair network connection and essential resources and cause systems to fail – in order to disrupt the operation of ICs, for instance. |
| 5 | Human error and sabotage | Intentional deeds – whether by internal or external perpretators – are a massive threat to all protection targets. Negligence and human error are also a great threat, especially in relation to the protection targets confidentiality and availability. |
| 6 | Introducing malware via removable media and external hardware | The use of removable media and mobile IT components of external staff always entails great risk of malware infection. |
| 7 | Reading and writing news in the ICs network | Most control components currently use clear text protocols, so communication is unprotected. This makes it relativelyeasy to read and introduce control commands. |
| 8 | Unauthorized access to resources | Internal perpetrators and subsequent attacks following initial external penetration have it especially easy if services and components in the process network do not utilize authentication methods or if the methods are insecure. |
| 9 | Attacks on network components | Attacekrs can manipulate network component in order to carry out man-in-the-middle attacks or to make sniffing easier, for example. |
| 10 | Technical Malfunctions or force majeure | Outage resulting from extreame weather or technical malfunctions can occur at any time – risk and potential damage can only be minimazes in such cases. |
Source : OSCE 2013
Bims.
What a material of un-ambiguity and preserveness of precious familiarity
about unpredicted feelings.
Hey I am so thrilled I found your blog, I really found
you by accident, while I was searching on Yahoo for something else, Regardless I am here now and would just like to say many thanks for a remarkable post and a all round thrilling blog (I
also love the theme/design), I don’t have time to read through it
all at the moment but I have book-marked it and also added in your RSS feeds, so
when I have time I will be back to read a great deal more, Please do keep up the fantastic work.
Thank you for the auspicious writeup. It in fact was a amusement account
it. Look advanced to far added agreeable from you!
By the way, how can we communicate?
These are truly great ideas in concerning blogging.
You have touched some fastidious points here. Any way keep
up wrinting.
It’s difficult to find educated people on this subject, however,
you sound like you know what you’re talking about!
Thanks
Admiring the commitment you put into your site and detailed information you provide.
It’s good to come across a blog every once in a while that isn’t the same out of date rehashed information. Excellent read!
I’ve bookmarked your site and I’m adding your RSS feeds to my Google account.
I don’t know whether it’s just me or if perhaps everybody else encountering problems with your website.
It looks like some of the text in your content are running off the screen. Can somebody else please comment and let me know if this is happening to them too?
This may be a issue with my web browser because I’ve had this happen previously.
Thanks
I really like what you guys are usually up too.
This kind of clever work and reporting! Keep up the very good works guys I’ve added you guys
to our blogroll.
For the reason that the admin of this website is working,
no doubt very soon it will be famous, due to its feature contents.
It’s a pity you don’t have a donate button!
I’d definitely donate to this superb blog! I guess for now
i’ll settle for book-marking and adding your RSS feed to my Google account.
I look forward to fresh updates and will share this website with my Facebook group.
Chat soon!
Hi there! This is my first comment here so I just wanted to give a quick
shout out and tell you I genuinely enjoy reading
through your articles. Can you recommend any other blogs/websites/forums that
cover the same topics? Thank you so much!
Its like you learn my thoughts! You appear to grasp a lot about
this, such as you wrote the guide in it or something. I feel
that you can do with some % to power the message home a little bit, but other than that, that is fantastic
blog. A fantastic read. I’ll certainly be back.
After I initially left a comment I seem to have clicked the -Notify me
when new comments are added- checkbox and now each time a comment is added I
get four emails with the same comment. Perhaps there is
a means you can remove me from that service?
Thanks!
This paragraph is genuinely a fastidious one it assists new net users, who are wishing for blogging.
Thanks for finally writing about >Cyberattack on Critical Infrastructure – Pentesting.id <Loved it!
certainly like your web site however you need to take a look
at the spelling on several of your posts. Many of them are rife with spelling problems and I find it very bothersome
to tell the reality on the other hand I will surely
come back again.
Great delivery. Outstanding arguments. Keep up
the good effort.
I know this if off topic but I’m looking into starting
my own blog and was curious what all is required to
get set up? I’m assuming having a blog like yours would cost a pretty penny?
I’m not very internet smart so I’m not 100% certain. Any recommendations or advice would be greatly
appreciated. Thank you
Thanks a lot for sharing this with all of us you really recognise what you are talking approximately!
Bookmarked. Kindly additionally seek advice from my site =).
We can have a link exchange contract among us
Hello There. I found your blog using msn. This is a very well written article.
I’ll be sure to bookmark it and come back to read more of your useful information. Thanks
for the post. I’ll definitely return.