Cyber Attacks on Critical Infrastructure: Review and Challenges

Cyber Attacks on Critical Infrastructure: Review and Challenges

Ana Kovacevic (University of Belgrade, Serbia) and Dragana Nikolic (University of Belgrade, Serbia)
DOI: 10.4018/978-1-4666-9619-8.ch018


We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.
Chapter Preview

Critical Infrastructure

There is a slight difference between countries concerning their definition of critical infrastructure (CI) sectors. CIs are defined as those systems, assets, or part thereof which are essential for the maintenance of vital societal functions, security and economic security, and the disruption or destruction of which would have a significant impact on the state/nation as a result of the failure to maintain those functions (European Commission, 2008). The US approach is more comprehensive and inclusive, and it has been particularly evolving since the attacks of September 11, 2001.The U.S. Patriot Act defined CIs as “systems and assets, whether physical or virtual, so vital to the U.S. that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters” (USA- PA, 2001). Homeland Security Act of 2002 (P.L. 107-296, Sec. 2(4)) established the Department of Homeland Security (DHS) and also formally introduced the concept of “key resources (Congress U.S., 2002). “Key resources” are defined as “publicly or privately controlled resources essential to the minimal operations of the economy and government” (Sec. 2(9)). Without articulating exactly what they are, the act views key resources as distinct from critical infrastructure, albeit worthy of the same protection.

The most conventional list of critical infrastructure sectors includes: agriculture and food, water, public health and safety, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking and finance, industry/manufacturing, postal and shipping.

Complete Chapter List

Search this Book: