scholarly journals Analyzing the Cyber Risk in Critical Infrastructures

2021 ◽  
Author(s):  
Marieke Klaver ◽  
Eric Luiijf
Keyword(s):  
Cyber Security ◽  
Critical Infrastructures ◽  
Security Risk ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Service Chain ◽  
Industrial Internet ◽  
Security Challenges ◽  
Information And Communication ◽  
Cyber Risk

Information and communication technology (ICT) plays an important role in critical infrastructures (CIs). Some ICT-based services are in itself critical for the functioning of society while other ICT elements are essential for the functioning of critical processes within CIs. Moreover, many critical processes within CIs are monitored and controlled by industrial control systems (ICS) also referred to as operational technology (OT). In line with the CI-concept, the concept of critical information infrastructure (CII) is introduced comprising both ICT and OT. It is shown that CIIs extend beyond the classical set of CIs. The risk to society due to inadvertent and deliberate CI/CII disruptions has increased due to the interrelation, complexity, and dependencies of CIs and CIIs. The cyber risk due to threats to and vulnerabilities of ICT and OT is outlined. Methods to analyze the cyber risk to CI and CII are discussed at both the organization, national, and the service chain levels. Cyber threats, threat actors, and the organizational, personnel, and technological cyber security challenges are outlined. An outlook is given to near future cyber security risk challenges, and therefore upcoming risk, stemming from (industrial) internet of things and other new cyber-embedded technologies.

scholarly journals A review: towards practical attack taxonomy for industrial control systems

2018 ◽  
Vol 7 (2.14) ◽  
pp. 145 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Razali Jidin ◽  
Mohd Ezanee Rusli ◽  
Md Nabil Ahmad Zawawi ◽  
...  
Keyword(s):  
Control Systems ◽  
Supervisory Control ◽  
Cyber Attacks ◽  
Critical Infrastructures ◽  
Cyber Attack ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Scada System ◽  
Water Transportation ◽  
Different Types

Supervisory Control and Data Acquisition (SCADA) system is the underlying control system of most national critical infrastructures such as power, energy, water, transportation and telecommunication. In order to understand the potential threats to these infrastructures and the mechanisms to protect them, different types of cyber-attacks applicable to these infrastructures need to be identified. Therefore, there is a significant need to have a comprehensive understanding of various types of cyber-attacks and its classification associated with both Opera-tion Technology (OT) and Information Technology (IT). This paper presents a comprehensive review of existing cyber-attack taxonomies available in the literature and evaluates these taxonomies based on defined criteria.  

Towards Protecting Critical Infrastructures

2015 ◽  
pp. 121-165 ◽  
Author(s):  
Filipe Caldeira ◽  
Tiago Cruz ◽  
Paulo Simões ◽  
Edmundo Monteiro
Keyword(s):  
Power Distribution ◽  
Prediction Models ◽  
Critical Infrastructures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Cascading Effects ◽  
Degree Of Confidence ◽  
Ict Security ◽  
Real Time Information ◽  
The Impact

Critical Infrastructures (CIs) such as power distribution are referred to as “Critical” as, in case of failure, the impact on society and economy can be enormous. CIs are exposed to a growing number of threats. ICT security plays a major role in CI protection and risk prevention for single and interconnected CIs were cascading effects might occur. This chapter addresses CI Protection discussing MICIE Project main results, along with the mechanisms that manage the degree of confidence assigned to risk alerts allowing improving the resilience of CIs when faced with inaccurate/inconsistent alerts. The CockpitCI project is also presented, aiming to improve the resilience and dependability of CIs through automatic detection of cyber-threats and the sharing of real-time information about attacks among CIs. CockpitCI addresses one MICIE's shortcoming by adding SCADA-oriented security detection capabilities, providing input for risk prediction models and assessment of the operational status of the Industrial Control Systems.

Sign in / Sign up

Export Citation Format

Share Document