Impact of Cyber-Attacks on Critical Infrastructure

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

Download Full-text

Cybersecurity capabilities for critical infrastructure resilience

Information and Computer Security ◽

10.1108/ics-06-2021-0091 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Masike Malatji ◽

Annlizé L. Marnewick ◽

Suné Von Solms

Keyword(s):

Cloud Computing ◽

Best Practice ◽

Critical Infrastructure ◽

Integrated Approach ◽

Cyber Attacks ◽

Industrial Control Systems ◽

Content Type ◽

Goods And Services ◽

Standards And Guidelines ◽

Attack Surfaces

Purpose For many innovative organisations, Industry 4.0 paves the way for significant operational efficiencies, quality of goods and services and cost reductions. One of the ways to realise these benefits is to embark on digital transformation initiatives that may be summed up as the intelligent interconnectivity of people, processes, data and cyber-connected things. Sadly, this interconnectivity between the enterprise information technology (IT) and industrial control systems (ICS) environment introduces new attack surfaces for critical infrastructure (CI) operators. As a result of the ICS cybersecurity risk introduced by the interconnectivity between the enterprise IT and ICS networks, the purpose of this study is to identify the cybersecurity capabilities that CI operators must have to attain good cybersecurity resilience. Design/methodology/approach A scoping literature review of best practice international CI protection frameworks, standards and guidelines were conducted. Similar cybersecurity practices from these frameworks, standards and guidelines were grouped together under a corresponding National Institute of Standards and Technology (NIST) cybersecurity framework (CF) practice. Practices that could not be categorised under any of the existing NIST CF practices were considered new insights, and therefore, additions. Findings A CI cybersecurity capability framework comprising 29 capability domains (cybersecurity focus areas) was developed as an adaptation of the NIST CF with an added dimension. This added dimension emphasises cloud computing and internet of things (IoT) security. Each of the 29 cybersecurity capability domains is executed through various capabilities (cybersecurity processes and procedures). The study found that each cybersecurity capability can further be operationalised by a set of cybersecurity controls derived from various frameworks, standards and guidelines, such as COBIT®, CIS®, ISA/IEC 62443, ISO/IEC 27002 and NIST Special Publication 800-53. Practical implications CI sectors are immediately able to adopt the CI cybersecurity capability framework to evaluate their levels of resilience against cyber-attacks, given new attack surfaces introduced by the interconnectivity of cyber-connected things between the enterprise and ICS levels. Originality/value The authors present an added dimension to the NIST framework for CI cyber protection. In addition to emphasising cryptography, IoT and cloud computing security aspects, this added dimension highlights the need for an integrated approach to CI cybersecurity resilience instead of a piecemeal approach.

Download Full-text

Cyber Attacks on Critical Infrastructure

Advances in Digital Crime, Forensics, and Cyber Terrorism - Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance ◽

10.4018/978-1-4666-6324-4.ch001 ◽

2015 ◽

pp. 1-18 ◽

Cited By ~ 1

Author(s):

Ana Kovacevic ◽

Dragana Nikolic

Keyword(s):

Control Systems ◽

Cyber Security ◽

Critical Infrastructure ◽

Cyber Attacks ◽

Cyber Attack ◽

Future Directions ◽

Infrastructure Systems ◽

Cyber Threats ◽

Scada Systems ◽

Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

Download Full-text

Economic Impact of Cyber Attacks on Critical Infrastructures

Advances in Digital Crime, Forensics, and Cyber Terrorism - Applying Methods of Scientific Inquiry Into Intelligence, Security, and Counterterrorism ◽

10.4018/978-1-5225-8976-1.ch012 ◽

2019 ◽

pp. 291-314

Author(s):

Merve Şener

Keyword(s):

Economic Impact ◽

Critical Infrastructure ◽

Cyber Attacks ◽

Economic Losses ◽

Critical Infrastructures ◽

Cyber Attack ◽

Network Systems ◽

Financial Losses

Critical infrastructures ensure that activities that are vital and important for individuals can be safely delivered to the society uninterruptedly. The damage on these critical infrastructures caused by cyber-attacks whose control is carried out through computers and network systems is very large. Cyber-attacks directly or indirectly affect companies, institutions, and organizations economically and cause great financial losses. In this chapter, two different categories, energy and finance sector, which are described as critical infrastructure, are discussed; cyber-attacks carried out on these sectors, cyber-attack weapons, and economic losses caused by these attacks are examined.

Download Full-text

Cyber Attacks and Preliminary Steps in Cyber Security in National Protection

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch013 ◽

2018 ◽

pp. 213-229

Author(s):

Faruk Aydin ◽

O. Tolga Pusatli

Keyword(s):

Cyber Security ◽

Information Technologies ◽

Critical Infrastructure ◽

National Development ◽

Cyber Attacks ◽

Public Institutions ◽

Private Companies ◽

Nation States ◽

Development Plans ◽

Security Standards

Cyber attacks launched by individuals and/or supported by nation states have increased due to the prevalence of information technologies at critical infrastructure of the states. In this chapter, such attacks and consecutive impacts are visited. In connection with this issue, evolution of cyber threats from annoying malware to serious weapons is studied by examples; hence, precautions against such threats are visited and usage of anti-malware applications as prevalent precautions is assessed within the scope. Selected information security standards and strategies of selected states and precautions for cyber security of Turkey are studied. Our findings underline that educated citizens and companies along with public institutions should cooperate to provide a nationwide cyber security. Consequently, it is defended that governments should play an affective role to protect, educate, and guide governmental and private companies and citizens on the cyber security by promoting the cyber security topic in the successive national development plans.

Download Full-text

Cyber Threat Ransomware and Marketing to Networked Consumers

Handbook of Research on Innovations in Technology and Marketing for the Connected Consumer - Advances in Marketing, Customer Relationship Management, and E-Services ◽

10.4018/978-1-7998-0131-3.ch008 ◽

2020 ◽

pp. 155-185

Author(s):

Usman Javed Butt ◽

Maysam F. Abbod ◽

Arvind Kumar

Keyword(s):

Critical Infrastructure ◽

Computer Systems ◽

Cyber Attacks ◽

Competitive Market ◽

Cyber Attack ◽

Security Measures ◽

Global Competitiveness ◽

Modern Computer ◽

Water Cleaning ◽

Cyber Threat

Marketing is a process of creating, capturing, and exchanging ‘value' for the mutual benefits of marketers, customers, intermediaries, and other stakeholders. Such a transaction requires trust as it might be facing a range of online cyber risks. Modern cybercrimes have exponentially grown over the last decade. Ransomware is one of the types of malware which is the result of a sophisticated attempt to compromise the modern computer systems. The businesses, governments, and large corporations are investing heavily to combat this cyber threat against their critical infrastructure. New technological shifts help to improve marketing and business productivity and keep the company's global competitiveness in an overflowing competitive market. However, the businesses and the systems involved need security measures to protect integrity and availability which will help avoid any malfunctioning to their operations due to the cyber-attacks. There have been several cyber-attack incidents on several businesses such as healthcare, pharmaceutical, water cleaning, and energy sector.

Download Full-text

Modeling cyber attacks on a critical infrastructure scenario

IISA 2013 ◽

10.1109/iisa.2013.6623699 ◽

2013 ◽

Cited By ~ 4

Author(s):

E. Ciancamerla ◽

M. Minichino ◽

S. Palmieri

Keyword(s):

Critical Infrastructure ◽

Cyber Attacks

Download Full-text

Cross-Border Cyber-Attacks and Critical Infrastructure Protection

International Journal of Information Security and Cybercrime ◽

10.19107/ijisc.2017.02.07 ◽

2017 ◽

Vol 6 (2) ◽

pp. 47-52

Author(s):

Iulian Marius COMAN

Keyword(s):

Critical Infrastructure ◽

Cyber Attacks ◽

Critical Infrastructure Protection ◽

Infrastructure Protection ◽

Cross Border

Download Full-text

The Problem of Cyber Attacks on the Critical Infrastructure of the State in the Energy Sector. The Case of Turkey

Teka Komisji Politologii i Stosunków Międzynarodowych ◽

10.17951/teka.2018.13.2.27-47 ◽

2019 ◽

Vol 13 (2) ◽

pp. 27

Author(s):

Kinga Smoleń

Keyword(s):

Critical Infrastructure ◽

Energy Sector ◽

Cyber Attacks ◽

The State

<p>Celem poznawczym niniejszego artykułu jest analiza problemu cyberataków na infrastrukturę krytyczną państwa w sektorze energetycznym. W ramach case study zaprezentowano przypadek Turcji. Państwo to ze względu na odgrywanie roli „korytarza tranzytowego” dla transportu węglowodorów posiada silną pozycją na międzynarodowym rynku surowców energetycznych, przez co cyberataki dokonywane na infrastrukturę krytyczną Turcji mają poważne konsekwencje nie tylko dla rozwoju tego państwa oraz jego bezpieczeństwa, lecz także układu geopolitycznego w regionie Bliskiego Wschodu i rozkładu sił na – wspomnianym powyżej – międzynarodowym rynku węglowodorów. Dla potrzeb podjętego problemu przyjęto następujące założenia badawcze. Po pierwsze, cyberprzestrzeń stanowi potencjalne źródło zagrożeń dla bezpieczeństwa państwa. Dzieje się tak, gdyż jest to rodzaj „przestrzeni”, która „wymyka się” spod kontroli państwowych organów bezpieczeństwa. Zwiększa to prawdopodobieństwo cyberataków, m.in. na infrastrukturę krytyczną państwa. Po drugie, w warunkach cyberprzestrzeni dochodzi do zmiany ważności komponentów siły w stosunkach międzynarodowych. Wzrost skali i liczby cyberataków potwierdza, że o pozycji państwa i możliwości wywierania przez nie wpływu na system międzynarodowy decyduje obecnie skuteczna zdolność obrony przed atakami w cyberprzestrzeni oraz posiadanie wysoko rozwiniętej technologii informatycznej. Po trzecie, w warunkach procesów globalizacji i odejściu wraz z końcem zimnej wojny od myślenia o bezpieczeństwie z perspektywy zagrożeń wojskowych doszło do poszerzenia jego zakresu podmiotowego i przedmiotowego. Bezpieczeństwo dotyczy obecnie wielu obszarów życia społecznego, zaś źródła jego zagrożeń mają charakter: polityczny, gospodarczy, wojskowy, społeczny, ekologiczny, demograficzny, energetyczny. Tym samym bezpieczeństwo energetyczne stało się jednym z autonomicznych wymiarów w strukturze szeroko pojmowanego bezpieczeństwa.</p>

Download Full-text