Do you know that The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives)?
Do you know in 2016 , two nuclear powerplan in Belgium were locked down by terrorist?
Do you know that on 17-18 December 2016 Ukraine power blackout because cyberattack on powerplan system?
Terrorist attacking workstations and Supervisory Control and Data Acquisition (SCADA) systems. Cyber-attacks (by cyber terrorist or cyber-warframe that international conflicts) against Critical Infrastructures are gaining steam. Because stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations cyber-attack is the preferred method of attack.
Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of country and the well-being of its citizens.
The following sectors and industries are widely considered to be critical infrastructure:
| Sectors | Industries |
| Energy | • Electricity
• Natural gas • Oil |
| Information and Communication Technology (ICT) | • Telecommunications (including satellites)
• Broadcasting systems • Software, hardware and networks (including the Internet) |
| Traffic and transportation | • Shipping
• Aviation • Rail transport • Road traffic • Logistics |
| Healthcare | • Healthcare
• Medicines and vaccines • Laboratories |
| Water supply | • Dams
• Storage • Treatment and distribution networks |
| Finance and insurance | • Banks
• Stock exchanges • Insurance companies • Financial services |
| Government and administration | • Government
• Parliament • Legal institutions • Emergency services |
| Nutrition and agriculture | • Food trade
• Agriculture |
| Media and cultural assets | • Radio
• Press • Symbolic buildings |
Source : National Infrastructure Protection Plan (NIPP), p. 109: U.S. Department of Homeland Security.
Cyber-attack or cyber-threat on Critical Infrastructure (CI) it have various type, but usually may include :
- Manipulate system or data – such as malware that exploit vulnerabilities in computer software and hardware components necessary for operation of CI’s;
- Shutdown crucial system – such as DDoS attacks;
- Limit access to crucial systems or information – such as through ransomware attack.
While interconnected and integrated computerized control system have significantly streamlined the way in which CIs operated and increased connectivity that mean also increase the attack surface and therefore expose Cis to a high risk of manipulation. There is table of threat in Industrial Control System :
| No. | Threat | Explanation |
| 1 | Unauthorized use of remote maintenance access points | Maintenance access points are deliberately created external entrances to the ICs network and are often insufficiently secure |
| 2 | Online attacks via office or enterprise networks | Office IT is usually linked to the network in several ways.
In most case, network connection from offices to the ICS network also exist, so attacker can gain access via this route. |
| 3 | Attacks on standard components used in the Cis network | Standard IT components (commercial off-the-shelf) such as systems software, application servers or databases often contain flaws or vulnerabilities, which can be exploited by attackers. If these standard components are also used in the ICs network, the risk of a successful attack on the ICs network increases. |
| 4 | DDoS attacks | Distributed Denial of Services attacks can impair network connection and essential resources and cause systems to fail – in order to disrupt the operation of ICs, for instance. |
| 5 | Human error and sabotage | Intentional deeds – whether by internal or external perpretators – are a massive threat to all protection targets. Negligence and human error are also a great threat, especially in relation to the protection targets confidentiality and availability. |
| 6 | Introducing malware via removable media and external hardware | The use of removable media and mobile IT components of external staff always entails great risk of malware infection. |
| 7 | Reading and writing news in the ICs network | Most control components currently use clear text protocols, so communication is unprotected. This makes it relativelyeasy to read and introduce control commands. |
| 8 | Unauthorized access to resources | Internal perpetrators and subsequent attacks following initial external penetration have it especially easy if services and components in the process network do not utilize authentication methods or if the methods are insecure. |
| 9 | Attacks on network components | Attacekrs can manipulate network component in order to carry out man-in-the-middle attacks or to make sniffing easier, for example. |
| 10 | Technical Malfunctions or force majeure | Outage resulting from extreame weather or technical malfunctions can occur at any time – risk and potential damage can only be minimazes in such cases. |
Source : OSCE 2013
Bims.
Pretty nice post. I just stumbled upon your weblog and wanted to say that I’ve really enjoyed surfing around
your blog posts. In any case I will be subscribing to your feed and I hope you
write again soon!
I got this web site from my buddy who informed
me regarding this website and now this time I am browsing this website and
reading very informative posts at this time.
First off I want to say wonderful blog! I had a quick question that I’d like to
ask if you don’t mind. I was curious to find out how you center yourself
and clear your thoughts prior to writing. I have had difficulty clearing my thoughts in getting my ideas out.
I truly do enjoy writing however it just seems like the first 10 to 15 minutes
are generally wasted just trying to figure out how to begin.
Any ideas or tips? Thanks!
Howdy just wanted to give you a quick heads up. The text in your post
seem to be running off the screen in Opera.
I’m not sure if this is a format issue or something to do with web browser compatibility
but I figured I’d post to let you know. The style and design look great though!
Hope you get the issue resolved soon. Cheers
I think this is among the most significant info
for me. And i’m satisfied studying your article. But want to statement
on few basic things, The site taste is perfect, the articles is really nice
: D. Good task, cheers
I think the admin of this site is truly working hard in support of his site, as
here every stuff is quality based material.
I am really pleased to glance at this blog posts which
contains plenty of useful data, thanks for providing these statistics.
Hi to all, it’s really a nice for me to pay a quick visit this web
page, it contains precious Information.
web site indexletme kaliteli backlink.
Your means of describing all in this piece of writing is actually fastidious, every one be able to simply
understand it, Thanks a lot.
For latest news you have to go to see web and on the web I found this website as
a most excellent website for hottest updates.
I’m not that much of a online reader to be honest but your blogs really nice, keep it up!
I’ll go ahead and bookmark your site to come back down the road.
All the best
I really like your blog.. very nice colors & theme. Did you create this website
yourself or did you hire someone to do it for you? Plz respond as I’m looking to construct
my own blog and would like to know where u got this from.
thank you
Hmm is anyone else experiencing problems with the pictures on this blog loading?
I’m trying to figure out if its a problem on my end or if it’s
the blog. Any responses would be greatly appreciated.
Hi to every body, it’s my first visit of this blog;
this weblog consists of remarkable and genuinely excellent stuff in favor
of visitors.
Nice post. I learn something new and challenging on blogs I stumbleupon everyday.
It’s always exciting to read articles from other writers and practice something from
their web sites.
Everything is very open with a very clear clarification of the challenges.
It was truly informative. Your site is very helpful. Thank you for sharing!
Does your blog have a contact page? I’m having trouble locating
it but, I’d like to send you an e-mail. I’ve got some suggestions
for your blog you might be interested in hearing.
Either way, great site and I look forward to seeing
it develop over time.
Hey! I just wanted to ask if you ever have any problems with hackers?
My last blog (wordpress) was hacked and I ended up losing
a few months of hard work due to no back up. Do you have any
solutions to prevent hackers?
My family members all the time say that I am killing my time here at net,
except I know I am getting familiarity all the time by
reading such pleasant posts.