CYBER-SECURITY IN THE NEW ERA OF INTEGRATED OPERATIONAL – INFORMATIONAL TECHNOLOGY SYSTEMS

2021 ◽  
Vol 11 (1) ◽  
pp. 68-79
Author(s):  
Vlad Daniel Savin ◽  

Digital Revolution has forced previously isolated networks of critical infrastructures to become more digitally integrated. Recent cyber-attacks, including Stuxnet and Wiper, have exposed a new set of cybersecurity vulnerabilities in this field. This new environment has forced previously isolated networks of critical infrastructures like utilities or power plants to become more digitally integrated. This paper offers a view into the most efficient current defense solutions. It also offers a glimpse into the need for the further development of new protection mechanisms developed on the emerging new technologies. The risks posed by the integration of Information Technology solutions with Operational Technology systems have been a key topic also at the latest World Economic Forum conference, where cyber-attacks of critical infrastructures were discussed in the context of the most significant risks for the upcoming decade. The findings of this paper are applicable to other industries. The paper aims to highlight that by initially understanding the vulnerabilities of the IT components and by taking the right cybersecurity preventive measures, critical infrastructure can be protected against these kinds of threats. The research framework behind this paper was directed towards analysing the cyber risks associated with the convergence between the Information Technology solutions with the Operational Technology systems of critical infrastructure.

2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Ivana Cesarec

States, organizations and individuals are becoming targets of both individual and state-sponsored cyber-attacks, by those who recognize the impact of disrupting security systems and effect to people and governments. The energy sector is seen as one of the main targets of cyber-attacks against critical infrastructure, but transport, public sector services, telecommunications and critical (manufacturing) industries are also very vulnerable. One of the most used examples of a cyber-attack is the Ukraine power grid attack in 2015 that left 230,000 people without power for up to 6 hours. Another high-profile example of a cyber-attack against critical infrastructure is the Stuxnet computer virus (first used on an Iranian nuclear facility), which could be adapted to attack the SCADA systems (industrial control systems) used by many critical infrastructures in Europe. A wide range of critical infrastructure sectors are reliant on industrial control systems for monitoring processes and controlling physical devices (sensors, pumps, etc.) and for that reason, physical connected devices that support industrial processes are becoming more vulnerable. Not all critical infrastructure operators in all sectors are adequately prepared to manage protection (and raise resilience) effectively across both cyber and physical environments. Additionally, there are few challenges in implementation of protection measures, such as lack of collaboration between private and public sector and low levels of awareness on existence of national key legislation. From a supranational aspect, in relation to this paper's topic, the European Union took the first step in defense against cyber threats in 2016 with the „Directive on security of network and information systems“ (NIS Directive) by prescribing member states to adopt more rigid cyber-security standards. The aim of the directive is to improve the deterrent and increase the EU’s defenses and reactions to cyber attacks by expanding the cyber security capacity, increasing collaboration at an EU level and introducing measures to prevent risk and handle cyber incidents. There are a lot of other „supporting tools“ for Member States countries, such as European Union Agency for Network and Information Security – ENISA (which organizes regular cyber security exercises at an EU level, including a large and comprehensive exercise every two years, raising preparedness of EU states); Network of National Coordination Centers and the European Cybersecurity Industrial, Technology and Research Competence Centre; and Coordinated response to major cyber security incidents and crises (Blueprint) with the aim to ensure a rapid and coordinated response to large-scale cyber attacks by setting out suitable processes within the EU. Yet, not all Member States share the same capacities for achieving the highest level of cyber-security. They need to continuously work on enhancing the capability of defense against cyber threats as increased risk to state institutions information and communication systems but also the critical infrastructure objects. In Southeast Europe there are few additional challenges – some countries even don't have designated critical infrastructures (lower level of protection; lack of „clear vision“ of criticality) and critical infrastructures are only perceived through physical prism; non-EU countries are not obligated to follow requirements of European Union and its legislation, and there are interdependencies and transboundary cross-sector effects that need to be taken into consideration. Critical Infrastructure Protection (CIP) is the primary area of action, and for some of SEE countries (like the Republic of Croatia) the implementation of cyber security provisions just complements comprehensive activities which are focused on physical protection. This paper will analyze few segments of how SEE countries cope with new security challenges and on which level are they prepared for cyber-attacks and threats: 1. Which security mechanisms they use; 2. The existing legislation (Acts, Strategies, Plan of Action, etc.) related to cyber threats in correlation with strategic critical infrastructure protection documents. Analysis will have two perspectives: from EU member states and from non-EU member states point of view. Additionally, for EU member states it will be analyzed if there were any cyber security legislation before NIS directive that meets same aims. The aim of research is to have an overall picture of efforts in region regarding cyber-security as possibility for improvement through cooperation, organizational measures, etc. providing also some recommendations to reduce the gap in the level of cyber-security development with other regions of EU.


2020 ◽  
Vol 20 (1) ◽  
Author(s):  
Markus Willing ◽  
Christian Dresen ◽  
Uwe Haverkamp ◽  
Sebastian Schinzel

Abstract. Background: Modern healthcare devices can be connected to computer networks and many western healthcare institutions run those devices in networks. At the same time, cyber attacks are on the rise and there is evidence that cybercriminals do not spare critical infrastructure such as major hospitals, even if they endanger patients. Intuitively, the more and closer connected healthcare devices are to public networks, the higher the risk of getting attacked. Methods: To assess the current connectivity status of healthcare devices, we surveyed the field of German hospitals and especially University Medical Centers (UMCs). Results: The results show a strong correlation between the networking degree and the number of medical devices. The average number of medical devices is 25.150, with a median of networked medical devices of 3.600. Actual key users of networked medical devices are the departments Radiology, Intensive Care, Radio-Oncology (RO), Nuclear Medicine (NUC), and Anaesthesiology in the group of UMCs. In the next five years, the usage of networked medical devices will increase significantly in the departments of Surgery, Intensive Care, and Radiology. We detected a strong correlation between the degree of connectivity and the likelihood of being attacked. The survey answers regarding the cyber security status reveal a lack of security basics in some of the inquired hospitals. We did discover successful attacks in hospitals with separated or subsidiary departments. A fusion of competencies on an organizational level facilitates the right behavior here. Most hospitals rated themselves predominantly positively in the self-assessment but also stated the usefulness of IT security insurance. Conclusions: Concluding our results, hospitals are already facing the consequences of omitted measures within their growing pool of medical devices. Continuously relying on historically grown structures without adaption and trusting manufacturers to solve vectors is a critical behavior that could seriously endanger patients.


2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Jouni Pöyhönen ◽  
Jyri Rajamäki ◽  
Harri Ruoslahti ◽  
Martti Lehto

The European Union promotes collaboration between authorities and the private sector, and the providers of the most critical services to society face security related obligations. In this paper, critical infrastructure is seen as a system of systems that can be subject to cyber-attacks and other disturbances. Situational awareness (SA) enhances preparations for and decision-making during assessed and unforeseen disruptive incidents, and promoting Cyber effective situational awareness (CSA) requires information sharing between the different interest groups. This research is constructive in nature, where innovative constructions are developed as solutions for domain-specific real world problems, while the research question is: “How can cyber situational awareness protect critical infrastructures?” The Observe – Orient – Decide – Act (OODA) loop is examined as a way to promote collaboration towards a shared situational picture, awareness and understanding to meet challenges of forming CSA in relation to risk assessment (RA) and improving resilience. Three levels of organizational decision-making are examined in relation to a five-layer cyber structure of an organization to provide a more comprehensive systems view of organizational cyber security. Successful crisis-management efforts enable organizations to sustain and resume operations, minimize losses, and adapt to manage future incidents, as many critical infrastructures typically lack resilience and may easily lose essential functionality when hit by an adverse event. Situation awareness is the main prerequisite towards cyber security. Without situation awareness, it is impossible to systematically prevent, identify, and protect the system from cyber incidents.


2021 ◽  
Vol 17 (1) ◽  
pp. 298-302
Author(s):  
Ovidiu-Dumitru RUSU ◽  
Sorin TOPOR

Abstract: The digitalization of the modern battlefield is a product of technological development in the field of communications and information technology. With the digitalization of modern communication systems and information technology, malicious programs/applications have been developed that can destabilize the cyberspace infrastructure. The complexity and diversity of cyber-attacks have generated fierce competition among states to ensure supremacy of cybersecurity in cyberspace. Most cybersecurity experts appreciate that research in this relatively new field is only at the pioneering level. The future and technological evolution in the field of cybersecurity will show us that, at the moment, very little is known about how cyberspace will look and develop. Although the civilian environment has the supremacy in terms of the technological development of cyberspace, it is certain that the military environment will import new technologies and adapt them to its own requirements.


Informatics ◽  
2021 ◽  
Vol 8 (2) ◽  
pp. 30
Author(s):  
Mansoor Ahmed Soomro ◽  
Mohd Hizam-Hanafiah ◽  
Nor Liza Abdullah ◽  
Mohd Helmi Ali ◽  
Muhammad Shahar Jusoh

Industry 4.0 revolution, with its cutting-edge technologies, is an enabler for businesses, particularly in reducing the cost and improving the productivity. However, a large number of organizations are still too in their infancy to leverage the true potential of Industry 4.0 and its technologies. This paper takes a quantitative approach to reveal key insights from the companies that have implemented Industry 4.0 technologies. For this purpose, 238 technology companies in Malaysia were studied through a survey questionnaire. As technology companies are usually the first in line to adopt new technologies, they can be studied better as leaders in adopting the latest technologies. The findings of this descriptive study surfaced an array of insights in terms of Industry 4.0 readiness, Industry 4.0 technologies, leadership, strategy, and innovation. This research paper contributes by providing 10 key empirical insights on Industry 4.0 that can be utilized by managers to pace up their efforts towards digital transformation, and can help the policymakers in drafting the right policy to drive the digital revolution.


2020 ◽  
pp. 53-60
Author(s):  
Mohammed I. Alghamdi ◽  

Our economy, infrastructure and societies rely to a large extent on information technology and computer networks solutions. Increasing dependency on information technologies has also multiplied the potential hazards of cyber-attacks. The prime goal of this study is to critically examine how the sufficient knowledge of cyber security threats plays a vital role in detection of any intrusion in simple networks and preventing the attacks. The study has evaluated various literatures and peer reviewed articles to examine the findings obtained by consolidating the outcomes of different studies and present the final findings into a simplified solution.


Signals ◽  
2021 ◽  
Vol 2 (4) ◽  
pp. 803-819
Author(s):  
Nabin Chowdhury

As digital instrumentation in Nuclear Power Plants (NPPs) is becoming increasingly complex, both attack vectors and defensive strategies are evolving based on new technologies and vulnerabilities. Continued efforts have been made to develop a variety of measures for the cyber defense of these infrastructures, which often consist in adapting security measures previously developed for other critical infrastructure sectors according to the requirements of NPPs. That being said, due to the very recent development of these solutions, there is a lack of agreement or standardization when it comes to their adoption at an industrial level. To better understand the state of the art in NPP Cyber-Security (CS) measures, in this work, we conduct a Systematic Literature Review (SLR) to identify scientific papers discussing CS frameworks, standards, guidelines, best practices, and any additional CS protection measures for NPPs. From our literature analysis, it was evidenced that protecting the digital space in NPPs involves three main steps: (i) identification of critical digital assets; (ii) risk assessment and threat analysis; (iii) establishment of measures for NPP protection based on the defense-in-depth model. To ensure the CS protection of these infrastructures, a holistic defense-in-depth approach is suggested in order to avoid excessive granularity and lack of compatibility between different layers of protection. Additional research is needed to ensure that such a model is developed effectively and that it is based on the interdependencies of all security requirements of NPPs.


Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise proprietary protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.


2019 ◽  
Vol 5 (2) ◽  
pp. 79
Author(s):  
Pshtiwan Mohammed Qader

The present paper examines the problem of cyber-attacks under existing international law. It takes the view that the (United Nations) UN Charter provisions on the use of force can be extended to cyber-attacks by means of interpretation although the relevant provisions do not explicitly address such issue. This Article argues that cyber-attacks resulting in material damage or destruction to property, death or injury to persons, or severe disruption of the functioning of critical infrastructures can be characterized as use of armed force and therefore violate the prohibition contained in article 2(4) of the Charter. However, cyber-attacks not resulting in the above consequences may be illegal intervention in the internal affairs of other states if such attacks are coercive in nature. In addition, the current study discusses that a cyber-attack which amounts to a use of armed force per se is not sufficient to give the victim state the right to self-defense, unless its scale and effects are equivalent to those of a conventional armed attack. Finally, the study concludes that an international cyber treaty is truly necessary to more effectively address cyber-attacks.



