Do you know that The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives)?
Do you know in 2016 , two nuclear powerplan in Belgium were locked down by terrorist?
Do you know that on 17-18 December 2016 Ukraine power blackout because cyberattack on powerplan system?
Terrorist attacking workstations and Supervisory Control and Data Acquisition (SCADA) systems. Cyber-attacks (by cyber terrorist or cyber-warframe that international conflicts) against Critical Infrastructures are gaining steam. Because stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations cyber-attack is the preferred method of attack.
Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of country and the well-being of its citizens.
The following sectors and industries are widely considered to be critical infrastructure:
| Sectors | Industries |
| Energy | • Electricity
• Natural gas • Oil |
| Information and Communication Technology (ICT) | • Telecommunications (including satellites)
• Broadcasting systems • Software, hardware and networks (including the Internet) |
| Traffic and transportation | • Shipping
• Aviation • Rail transport • Road traffic • Logistics |
| Healthcare | • Healthcare
• Medicines and vaccines • Laboratories |
| Water supply | • Dams
• Storage • Treatment and distribution networks |
| Finance and insurance | • Banks
• Stock exchanges • Insurance companies • Financial services |
| Government and administration | • Government
• Parliament • Legal institutions • Emergency services |
| Nutrition and agriculture | • Food trade
• Agriculture |
| Media and cultural assets | • Radio
• Press • Symbolic buildings |
Source : National Infrastructure Protection Plan (NIPP), p. 109: U.S. Department of Homeland Security.
Cyber-attack or cyber-threat on Critical Infrastructure (CI) it have various type, but usually may include :
- Manipulate system or data – such as malware that exploit vulnerabilities in computer software and hardware components necessary for operation of CI’s;
- Shutdown crucial system – such as DDoS attacks;
- Limit access to crucial systems or information – such as through ransomware attack.
While interconnected and integrated computerized control system have significantly streamlined the way in which CIs operated and increased connectivity that mean also increase the attack surface and therefore expose Cis to a high risk of manipulation. There is table of threat in Industrial Control System :
| No. | Threat | Explanation |
| 1 | Unauthorized use of remote maintenance access points | Maintenance access points are deliberately created external entrances to the ICs network and are often insufficiently secure |
| 2 | Online attacks via office or enterprise networks | Office IT is usually linked to the network in several ways.
In most case, network connection from offices to the ICS network also exist, so attacker can gain access via this route. |
| 3 | Attacks on standard components used in the Cis network | Standard IT components (commercial off-the-shelf) such as systems software, application servers or databases often contain flaws or vulnerabilities, which can be exploited by attackers. If these standard components are also used in the ICs network, the risk of a successful attack on the ICs network increases. |
| 4 | DDoS attacks | Distributed Denial of Services attacks can impair network connection and essential resources and cause systems to fail – in order to disrupt the operation of ICs, for instance. |
| 5 | Human error and sabotage | Intentional deeds – whether by internal or external perpretators – are a massive threat to all protection targets. Negligence and human error are also a great threat, especially in relation to the protection targets confidentiality and availability. |
| 6 | Introducing malware via removable media and external hardware | The use of removable media and mobile IT components of external staff always entails great risk of malware infection. |
| 7 | Reading and writing news in the ICs network | Most control components currently use clear text protocols, so communication is unprotected. This makes it relativelyeasy to read and introduce control commands. |
| 8 | Unauthorized access to resources | Internal perpetrators and subsequent attacks following initial external penetration have it especially easy if services and components in the process network do not utilize authentication methods or if the methods are insecure. |
| 9 | Attacks on network components | Attacekrs can manipulate network component in order to carry out man-in-the-middle attacks or to make sniffing easier, for example. |
| 10 | Technical Malfunctions or force majeure | Outage resulting from extreame weather or technical malfunctions can occur at any time – risk and potential damage can only be minimazes in such cases. |
Source : OSCE 2013
Bims.
What’s up to all, as I am actually eager of reading this weblog’s post to be
updated daily. It consists of nice information.
Hey there! This is kind of off topic but I need some guidance from an established blog.
Is it hard to set up your own blog? I’m not very techincal but I can figure
things out pretty quick. I’m thinking about creating
my own but I’m not sure where to start. Do you have any ideas or suggestions?
Cheers
After looking over a number of the blog articles on your
site, I truly appreciate your technique of writing a blog.
I book-marked it to my bookmark site list and will be checking back
in the near future. Please visit my website as well and let me know what you think.
I’ll right away seize your rss as I can not find your e-mail subscription link or e-newsletter service.
Do you have any? Please let me recognise so that I could subscribe.
Thanks.
web site backlink indexletme çalışması.
Thank you for the auspicious writeup. It in fact was a amusement account it.
Look advanced to more added agreeable from you!
By the way, how could we communicate?
강남오피 오달ohdar1.com 오피의달인 강남풀사롱
강남안마 2 강남휴게텔 인천오피
인천안마 http://www.ohdar1.com,수원안마경기오피 annd bloggers
made good content ass you did, the
I feel that is one of the such a lot significant info for me.
And i am satisfied reading your article. However want to commentary on some basic issues, The web site taste is
ideal, the articles is in reality excellent : D.
Just right job, cheers
Nice answer back in return of this question with solid arguments
and explaining the whole thing about that.
Great web site you have got here.. It’s hard to find high quality writing like
yours these days. I honestly appreciate people like you!
Take care!!
Do you have any video of that? I’d want to find out more details.
Hi friends, nice piece of writing and fastidious urging commented at
this place, I am actually enjoying by these.
I think everything published made a ton of sense. But, think
about this, suppose you were to create a awesome headline?
I ain’t saying your content isn’t solid., but suppose you added a post title that makes people want more?
I mean Cyberattack on Critical Infrastructure – Pentesting.id is a little vanilla.
You ought to glance at Yahoo’s front page and watch how they create post headlines to get viewers to open the links.
You might add a related video or a related picture or two
to grab readers interested about what you’ve got to say.
Just my opinion, it could bring your blog a little livelier.
Do you mind if I quote a few of your articles as long as I provide credit and sources back
to your weblog? My website is in the exact same niche as yours
and my users would really benefit from some of
the information you provide here. Please let me know if this
alright with you. Regards!
Useful info. Fortunate me I found your site accidentally,
and I am surprised why this accident did not happened earlier!
I bookmarked it.
For most up-to-date information you have to pay a visit world-wide-web and
on web I found this website as a finest web site for most recent updates.
I’m not sure where you are getting your information, but good topic.
I needs to spend some time learning much more or understanding more.
Thanks for excellent info I was looking for this info for
my mission.
buy online hacklink viagra.
Link exchange is nothing else however it is simply placing the other
person’s weblog link on your page at proper place
and other person will also do similar in support of you.
The courting is effective, and you can examine it
your self by registering and giving it a start.