Do you know that The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives)?
Do you know in 2016 , two nuclear powerplan in Belgium were locked down by terrorist?
Do you know that on 17-18 December 2016 Ukraine power blackout because cyberattack on powerplan system?
Terrorist attacking workstations and Supervisory Control and Data Acquisition (SCADA) systems. Cyber-attacks (by cyber terrorist or cyber-warframe that international conflicts) against Critical Infrastructures are gaining steam. Because stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations cyber-attack is the preferred method of attack.
Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of country and the well-being of its citizens.
The following sectors and industries are widely considered to be critical infrastructure:
| Sectors | Industries |
| Energy | • Electricity
• Natural gas • Oil |
| Information and Communication Technology (ICT) | • Telecommunications (including satellites)
• Broadcasting systems • Software, hardware and networks (including the Internet) |
| Traffic and transportation | • Shipping
• Aviation • Rail transport • Road traffic • Logistics |
| Healthcare | • Healthcare
• Medicines and vaccines • Laboratories |
| Water supply | • Dams
• Storage • Treatment and distribution networks |
| Finance and insurance | • Banks
• Stock exchanges • Insurance companies • Financial services |
| Government and administration | • Government
• Parliament • Legal institutions • Emergency services |
| Nutrition and agriculture | • Food trade
• Agriculture |
| Media and cultural assets | • Radio
• Press • Symbolic buildings |
Source : National Infrastructure Protection Plan (NIPP), p. 109: U.S. Department of Homeland Security.
Cyber-attack or cyber-threat on Critical Infrastructure (CI) it have various type, but usually may include :
- Manipulate system or data – such as malware that exploit vulnerabilities in computer software and hardware components necessary for operation of CI’s;
- Shutdown crucial system – such as DDoS attacks;
- Limit access to crucial systems or information – such as through ransomware attack.
While interconnected and integrated computerized control system have significantly streamlined the way in which CIs operated and increased connectivity that mean also increase the attack surface and therefore expose Cis to a high risk of manipulation. There is table of threat in Industrial Control System :
| No. | Threat | Explanation |
| 1 | Unauthorized use of remote maintenance access points | Maintenance access points are deliberately created external entrances to the ICs network and are often insufficiently secure |
| 2 | Online attacks via office or enterprise networks | Office IT is usually linked to the network in several ways.
In most case, network connection from offices to the ICS network also exist, so attacker can gain access via this route. |
| 3 | Attacks on standard components used in the Cis network | Standard IT components (commercial off-the-shelf) such as systems software, application servers or databases often contain flaws or vulnerabilities, which can be exploited by attackers. If these standard components are also used in the ICs network, the risk of a successful attack on the ICs network increases. |
| 4 | DDoS attacks | Distributed Denial of Services attacks can impair network connection and essential resources and cause systems to fail – in order to disrupt the operation of ICs, for instance. |
| 5 | Human error and sabotage | Intentional deeds – whether by internal or external perpretators – are a massive threat to all protection targets. Negligence and human error are also a great threat, especially in relation to the protection targets confidentiality and availability. |
| 6 | Introducing malware via removable media and external hardware | The use of removable media and mobile IT components of external staff always entails great risk of malware infection. |
| 7 | Reading and writing news in the ICs network | Most control components currently use clear text protocols, so communication is unprotected. This makes it relativelyeasy to read and introduce control commands. |
| 8 | Unauthorized access to resources | Internal perpetrators and subsequent attacks following initial external penetration have it especially easy if services and components in the process network do not utilize authentication methods or if the methods are insecure. |
| 9 | Attacks on network components | Attacekrs can manipulate network component in order to carry out man-in-the-middle attacks or to make sniffing easier, for example. |
| 10 | Technical Malfunctions or force majeure | Outage resulting from extreame weather or technical malfunctions can occur at any time – risk and potential damage can only be minimazes in such cases. |
Source : OSCE 2013
Bims.
Greetings! Very useful advice in this particular article!
It is the little changes which will make the largest changes.
Many thanks for sharing!
I quite like reading a post that will make people think.
Also, thank you for allowing for me to comment!
Thanks for your marvelous posting! I genuinely enjoyed reading it, you happen to be a
great author. I will be sure to bookmark your blog and will often come back from now on. I want to encourage you to ultimately continue your great writing, have
a nice afternoon!
This paragraph is really a pleasant one it assists new the web visitors, who are wishing
in favor of blogging.
An intriguing discussion is definitely worth comment.
I do believe that you should write more on this subject, it might not
be a taboo subject but typically people do not discuss such topics.
To the next! All the best!!
What’s up to every body, it’s my first go to see of
this web site; this webpage contains remarkable and genuinely excellent stuff for visitors.
A person necessarily help to make seriously posts I’d state.
This is the very first time I frequented your website
page and to this point? I amazed with the analysis
you made to create this particular put up extraordinary. Excellent process!
Write more, thats all I have to say. Literally,
it seems as though you relied on the video to make
your point. You obviously know what youre talking about,
why throw away your intelligence on just posting videos to your site when you
could be giving us something informative to read?
Great beat ! I would like to apprentice while you
amend your web site, how can i subscribe for a blog web
site? The account helped me a acceptable deal. I had been a little bit acquainted of this your broadcast provided bright clear idea
I love it when people come together and share ideas. Great blog, keep it up!
Hello, I enjoy reading all of your article post. I like to write a little comment
to support you.
Hello i am kavin, its my first occasion to commenting anyplace, when i
read this piece of writing i thought i could also create comment due
to this good paragraph.
Hi, the whole thing is going nicely here and ofcourse
every one is sharing information, that’s genuinely fine, keep up writing.
Hi mates, how is the whole thing, and what you desire to say concerning this article,
in my view its actually amazing in favor of me.
We are a group of volunteers and opening a new scheme in our community.
Your web site offered us with valuable info to work on.
You have done a formidable job and our entire community will be grateful to you.
This is really attention-grabbing, You’re a very professional blogger.
I’ve joined your rss feed and look forward to searching for more of your great post.
Additionally, I’ve shared your website in my social networks
Superb blog you have here but I was wanting to know if you knew of any discussion boards that cover the
same topics talked about in this article? I’d really like to
be a part of community where I can get comments from other knowledgeable people that share the same
interest. If you have any suggestions, please let me know.
Many thanks!
Great delivery. Outstanding arguments. Keep up the amazing effort.
Howdy! This post couldn’t be written any better! Reading this post reminds me of my old
room mate! He always kept chatting about this. I will forward
this write-up to him. Fairly certain he will have a good read.
Many thanks for sharing!
This is very interesting, You’re a very skilled blogger.
I have joined your rss feed and look forward to seeking more of your fantastic post.
Also, I have shared your site in my social networks!