Abstract
We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.
TopCritical Infrastructure
There is a slight difference between countries concerning their definition of critical infrastructure (CI) sectors. CIs are defined as those systems, assets, or part thereof which are essential for the maintenance of vital societal functions, security and economic security, and the disruption or destruction of which would have a significant impact on the state/nation as a result of the failure to maintain those functions (European Commission, 2008). The US approach is more comprehensive and inclusive, and it has been particularly evolving since the attacks of September 11, 2001.The U.S. Patriot Act defined CIs as “systems and assets, whether physical or virtual, so vital to the U.S. that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters” (USA- PA, 2001). Homeland Security Act of 2002 (P.L. 107-296, Sec. 2(4)) established the Department of Homeland Security (DHS) and also formally introduced the concept of “key resources” (Congress U.S., 2002). “Key resources” are defined as “publicly or privately controlled resources essential to the minimal operations of the economy and government” (Sec. 2(9)). Without articulating exactly what they are, the act views key resources as distinct from critical infrastructure, albeit worthy of the same protection.
The most conventional list of critical infrastructure sectors includes: agriculture and food, water, public health and safety, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking and finance, industry/manufacturing, postal and shipping.
Key Terms in this Chapter
Supervisory Control and Data Acquisition Systems (SCADA): Refers to industrial control systems (ICS) that are employed to control and keep track of data. It is often used for critical infrastructures, e.g. electric power distribution, oil and natural gas distribution, water and waste-water treatment, transportation systems, etc. SCADA is a computer system used to gather and analyze real-time data.
SCADA Security Testbed: Is used to model real system and analyse the effects of attacks on them. The method enables detection of vulnerabilities within SCADA protocols in order to find out how easy it is to bypass security measures in such protocols or perform an attack on the SCADA network.
Malware: Short for malicious software, is software designed specifically to damage or gain access without the knowledge of the owner.
Critical Infrastructure: Is the backbone of everyday lives in modern society. Critical infrastructures are defined as those systems, assets, or part thereof which are essential for the maintenance of vital societal functions, security and economic security, and the disruption or destruction of which would have a significant impact on the state/nation as a result of the failure to maintain those functions (European Commission, 2008).
Information Security: Is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions.
Cyber Attacks: Cyber attacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.
Stuxnet: Is considered to be the first malware that attacked critical infrastructures of foreign governments.