Do you know that The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives)?
Do you know in 2016 , two nuclear powerplan in Belgium were locked down by terrorist?
Do you know that on 17-18 December 2016 Ukraine power blackout because cyberattack on powerplan system?
Terrorist attacking workstations and Supervisory Control and Data Acquisition (SCADA) systems. Cyber-attacks (by cyber terrorist or cyber-warframe that international conflicts) against Critical Infrastructures are gaining steam. Because stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations cyber-attack is the preferred method of attack.
Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of country and the well-being of its citizens.
The following sectors and industries are widely considered to be critical infrastructure:
| Sectors | Industries |
| Energy | • Electricity
• Natural gas • Oil |
| Information and Communication Technology (ICT) | • Telecommunications (including satellites)
• Broadcasting systems • Software, hardware and networks (including the Internet) |
| Traffic and transportation | • Shipping
• Aviation • Rail transport • Road traffic • Logistics |
| Healthcare | • Healthcare
• Medicines and vaccines • Laboratories |
| Water supply | • Dams
• Storage • Treatment and distribution networks |
| Finance and insurance | • Banks
• Stock exchanges • Insurance companies • Financial services |
| Government and administration | • Government
• Parliament • Legal institutions • Emergency services |
| Nutrition and agriculture | • Food trade
• Agriculture |
| Media and cultural assets | • Radio
• Press • Symbolic buildings |
Source : National Infrastructure Protection Plan (NIPP), p. 109: U.S. Department of Homeland Security.
Cyber-attack or cyber-threat on Critical Infrastructure (CI) it have various type, but usually may include :
- Manipulate system or data – such as malware that exploit vulnerabilities in computer software and hardware components necessary for operation of CI’s;
- Shutdown crucial system – such as DDoS attacks;
- Limit access to crucial systems or information – such as through ransomware attack.
While interconnected and integrated computerized control system have significantly streamlined the way in which CIs operated and increased connectivity that mean also increase the attack surface and therefore expose Cis to a high risk of manipulation. There is table of threat in Industrial Control System :
| No. | Threat | Explanation |
| 1 | Unauthorized use of remote maintenance access points | Maintenance access points are deliberately created external entrances to the ICs network and are often insufficiently secure |
| 2 | Online attacks via office or enterprise networks | Office IT is usually linked to the network in several ways.
In most case, network connection from offices to the ICS network also exist, so attacker can gain access via this route. |
| 3 | Attacks on standard components used in the Cis network | Standard IT components (commercial off-the-shelf) such as systems software, application servers or databases often contain flaws or vulnerabilities, which can be exploited by attackers. If these standard components are also used in the ICs network, the risk of a successful attack on the ICs network increases. |
| 4 | DDoS attacks | Distributed Denial of Services attacks can impair network connection and essential resources and cause systems to fail – in order to disrupt the operation of ICs, for instance. |
| 5 | Human error and sabotage | Intentional deeds – whether by internal or external perpretators – are a massive threat to all protection targets. Negligence and human error are also a great threat, especially in relation to the protection targets confidentiality and availability. |
| 6 | Introducing malware via removable media and external hardware | The use of removable media and mobile IT components of external staff always entails great risk of malware infection. |
| 7 | Reading and writing news in the ICs network | Most control components currently use clear text protocols, so communication is unprotected. This makes it relativelyeasy to read and introduce control commands. |
| 8 | Unauthorized access to resources | Internal perpetrators and subsequent attacks following initial external penetration have it especially easy if services and components in the process network do not utilize authentication methods or if the methods are insecure. |
| 9 | Attacks on network components | Attacekrs can manipulate network component in order to carry out man-in-the-middle attacks or to make sniffing easier, for example. |
| 10 | Technical Malfunctions or force majeure | Outage resulting from extreame weather or technical malfunctions can occur at any time – risk and potential damage can only be minimazes in such cases. |
Source : OSCE 2013
Bims.
Its not my first time to pay a visit this site,
i am browsing this site dailly and obtain pleasant
data from here daily.
I know this web site provides quality dependent articles or reviews and
extra material, is there any other site which presents these stuff
in quality?
I am in fact happy to glance at this webpage posts which contains
lots of helpful information, thanks for providing such information.
Currently it looks like Expression Engine is the top blogging platform available right now.
(from what I’ve read) Is that what you’re using on your blog?
I’ve been surfing on-line greater than 3 hours today, yet I never found any interesting article like yours.
It is beautiful price sufficient for me. In my view,
if all website owners and bloggers made excellent content material as you
did, the web will probably be a lot more useful than ever before.
Pretty! This has been an extremely wonderful article. Thank
you for supplying this info.
When some one searches for his vital thing, thus he/she wants to be available that in detail, therefore that thing is maintained over here.
I believe what you composed was very reasonable.
But, what about this? suppose you wrote a catchier post title?
I mean, I don’t wish to tell you how to run your website, but suppose you added a headline to
possibly get folk’s attention? I mean Cyberattack on Critical Infrastructure – Pentesting.id is kinda boring.
You might glance at Yahoo’s home page and see how they create post headlines to
grab people to click. You might add a video or a pic or two to grab readers interested about what you’ve written. In my opinion, it would bring
your posts a little livelier.
I know this if off topic but I’m looking into starting my own weblog and was wondering what all is
required to get setup? I’m assuming having a blog like yours would cost a
pretty penny? I’m not very web savvy so I’m not 100% positive.
Any tips or advice would be greatly appreciated. Kudos
Hello! I know this is kinda off topic nevertheless I’d figured I’d ask.
Would you be interested in exchanging links or maybe guest writing a blog post or vice-versa?
My blog covers a lot of the same topics as yours and I feel we could greatly benefit from each other.
If you are interested feel free to send me an email.
I look forward to hearing from you! Excellent blog by the way!
It’s nearly impossible to find educated people for this subject, but you seem like you know
what you’re talking about! Thanks
It’s in fact very complex in this full of activity life to listen news on TV,
so I simply use web for that purpose, and get the most recent news.
We’re a bunch of volunteers and starting a new scheme in our community.
Your site provided us with useful info to work on. You have done a formidable process and our whole neighborhood will be grateful to you.
Sweet blog! I found it while browsing on Yahoo News.
Do you have any suggestions on how to get listed in Yahoo News?
I’ve been trying for a while but I never seem to get there!
Cheers
Hi! I know this is kinda off topic however I’d figured I’d ask.
Would you be interested in trading links or maybe guest authoring a blog article or vice-versa?
My blog covers a lot of the same subjects as yours and I think we could greatly benefit
from each other. If you are interested feel free to shoot me an email.
I look forward to hearing from you! Excellent blog
by the way!
Wow, amazing blog layout! How long have you been blogging for?
you make blogging look easy. The overall look of your website is wonderful, let alone the content!
I do not know whether it’s just me or if perhaps everyone else encountering issues with your
site. It appears like some of the written text within your posts are running off the screen. Can someone
else please comment and let me know if this is happening to them too?
This could be a problem with my web browser because I’ve had this happen before.
Appreciate it
I am extremely inspired together with your writing abilities as smartly as with the layout for your weblog.
Is that this a paid subject matter or did you modify it
your self? Anyway stay up the nice high quality writing, it is uncommon to see a nice blog like this
one these days..
If some one wants to be updated with most up-to-date technologies then he must be pay a visit this website and be up to date everyday.
I really love your website.. Great colors & theme. Did
you develop this website yourself? Please reply back as I’m planning to create
my very own blog and want to learn where you got this from or what
the theme is named. Thanks!