Do you know that The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives)?
Do you know in 2016 , two nuclear powerplan in Belgium were locked down by terrorist?
Do you know that on 17-18 December 2016 Ukraine power blackout because cyberattack on powerplan system?
Terrorist attacking workstations and Supervisory Control and Data Acquisition (SCADA) systems. Cyber-attacks (by cyber terrorist or cyber-warframe that international conflicts) against Critical Infrastructures are gaining steam. Because stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations cyber-attack is the preferred method of attack.
Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact for the security of country and the well-being of its citizens.
The following sectors and industries are widely considered to be critical infrastructure:
| Sectors | Industries |
| Energy | • Electricity
• Natural gas • Oil |
| Information and Communication Technology (ICT) | • Telecommunications (including satellites)
• Broadcasting systems • Software, hardware and networks (including the Internet) |
| Traffic and transportation | • Shipping
• Aviation • Rail transport • Road traffic • Logistics |
| Healthcare | • Healthcare
• Medicines and vaccines • Laboratories |
| Water supply | • Dams
• Storage • Treatment and distribution networks |
| Finance and insurance | • Banks
• Stock exchanges • Insurance companies • Financial services |
| Government and administration | • Government
• Parliament • Legal institutions • Emergency services |
| Nutrition and agriculture | • Food trade
• Agriculture |
| Media and cultural assets | • Radio
• Press • Symbolic buildings |
Source : National Infrastructure Protection Plan (NIPP), p. 109: U.S. Department of Homeland Security.
Cyber-attack or cyber-threat on Critical Infrastructure (CI) it have various type, but usually may include :
- Manipulate system or data – such as malware that exploit vulnerabilities in computer software and hardware components necessary for operation of CI’s;
- Shutdown crucial system – such as DDoS attacks;
- Limit access to crucial systems or information – such as through ransomware attack.
While interconnected and integrated computerized control system have significantly streamlined the way in which CIs operated and increased connectivity that mean also increase the attack surface and therefore expose Cis to a high risk of manipulation. There is table of threat in Industrial Control System :
| No. | Threat | Explanation |
| 1 | Unauthorized use of remote maintenance access points | Maintenance access points are deliberately created external entrances to the ICs network and are often insufficiently secure |
| 2 | Online attacks via office or enterprise networks | Office IT is usually linked to the network in several ways.
In most case, network connection from offices to the ICS network also exist, so attacker can gain access via this route. |
| 3 | Attacks on standard components used in the Cis network | Standard IT components (commercial off-the-shelf) such as systems software, application servers or databases often contain flaws or vulnerabilities, which can be exploited by attackers. If these standard components are also used in the ICs network, the risk of a successful attack on the ICs network increases. |
| 4 | DDoS attacks | Distributed Denial of Services attacks can impair network connection and essential resources and cause systems to fail – in order to disrupt the operation of ICs, for instance. |
| 5 | Human error and sabotage | Intentional deeds – whether by internal or external perpretators – are a massive threat to all protection targets. Negligence and human error are also a great threat, especially in relation to the protection targets confidentiality and availability. |
| 6 | Introducing malware via removable media and external hardware | The use of removable media and mobile IT components of external staff always entails great risk of malware infection. |
| 7 | Reading and writing news in the ICs network | Most control components currently use clear text protocols, so communication is unprotected. This makes it relativelyeasy to read and introduce control commands. |
| 8 | Unauthorized access to resources | Internal perpetrators and subsequent attacks following initial external penetration have it especially easy if services and components in the process network do not utilize authentication methods or if the methods are insecure. |
| 9 | Attacks on network components | Attacekrs can manipulate network component in order to carry out man-in-the-middle attacks or to make sniffing easier, for example. |
| 10 | Technical Malfunctions or force majeure | Outage resulting from extreame weather or technical malfunctions can occur at any time – risk and potential damage can only be minimazes in such cases. |
Source : OSCE 2013
Bims.
At this time I am ready to do my breakfast, later than having my breakfast coming yet again to read further
news.
Pretty section of content. I just stumbled upon your
blog and in accession capital to assert that I acquire actually enjoyed account your
blog posts. Anyway I will be subscribing to your augment and even I achievement you access consistently fast.
You ought to be a part of a contest for one of the most useful blogs on the net.
I’m going to recommend this blog!
Great delivery. Great arguments. Keep up the great effort.
I am sure this paragraph has touched all the internet people,
its really really nice piece of writing on building up new web site.
Wow, this article is fastidious, my sister is analyzing these things, so I am going to inform her.
Heya i’m for the primary time here. I found this board and I in finding It really
useful & it helped me out much. I hope to provide something back and aid others like you
aided me.
When I originally commented I seem to have clicked on the -Notify me when new comments are added-
checkbox and from now on each time a comment is added I receive four emails with the same comment.
There has to be an easy method you are able
to remove me from that service? Appreciate it!
After looking at a number of the blog articles
on your website, I truly like your technique of writing a blog.
I book marked it to my bookmark website list and will be checking back in the
near future. Please check out my website too and tell me
your opinion.
This paragraph will help the internet visitors for creating
new blog or even a blog from start to end.
Very good info. Lucky me I ran across your website by accident (stumbleupon).
I have bookmarked it for later!
Outstanding story there. What happened after? Thanks!
Appreciate the recommendation. Let me try it out.
I’ve been exploring for a little for any high quality articles or
weblog posts in this sort of area . Exploring in Yahoo I eventually stumbled
upon this web site. Studying this info So i’m satisfied to exhibit that I’ve
a very excellent uncanny feeling I found out
exactly what I needed. I such a lot for sure will make sure to
do not disregard this site and provides it a glance regularly.
Your way of explaining everything in this paragraph is truly fastidious, all be able to without difficulty be aware
of it, Thanks a lot.
I’m extremely impressed together with your writing skills as smartly as with the layout for your blog.
Is this a paid subject matter or did you modify it yourself?
Anyway keep up the excellent quality writing, it’s uncommon to look a
great blog like this one nowadays..
Great post! We are linking to this particularly great post on our website.
Keep up the great writing.
Online dating could possibly be the perfect solution if you want to
meet singles with your area. The online dating services arena
is continuing to grow immensely as more folks are depending upon internet in order to meet new people, find their
special someone, friendship and more activities. Meeting on the
internet and dating is tricky but being honest can make it
much easier.
I think that what you said was actually very reasonable.
However, think on this, what if you added a little content?
I am not saying your information is not solid., however what if you added something to possibly get a
person’s attention? I mean Cyberattack on Critical Infrastructure – Pentesting.id is
a little boring. You could peek at Yahoo’s home page and watch how they create news headlines to get people to open the links.
You might try adding a video or a related pic or two to grab people
interested about what you’ve got to say. Just my opinion, it could
bring your blog a little livelier.
I am regular visitor, how are you everybody? This post posted at this web page is in fact fastidious.