Cyber threats impacting critical infrastructures

Cyber-Physical Systems (CPS) integrate computational, communication, and physical aspects, capable of communicating with each other in real-time using wired and wireless networks to improve usability, efficiency, reliability, etc. They consist of a collection of rapidly growing networks and large, diverse, complex, interconnected, and fragmented systems.

The CPS is widely adapted in many critical sectors today, including energy, water, transportation, smart houses, vehicles, healthcare, disaster recovery, engineering, traffic control, robotic surgery, sea and space exploration, defense, and military operations.

Unfortunately, combining cyber and physical components introduces a wide spectrum of risks, from privacy issues to cyber attacks. There are already many examples of attackers compromising complex systems by finding vulnerable physical elements.

These infrastructures are vulnerable to three kinds of failure: complexity, accident, and hostile intent. The effects are often characterized by “D” words: destroy, damage, deny, delay, deceive, disrupt, distort, degrade, disable, divulge, disconnect, and disguise.

Critical infrastructure protection is a concern for all countries. Modern societies’ high level of development is largely dependent on a set of basic and essential services provided to a large extent by the private sector.

Below you can find some of the top recent cyber attacks on critical infrastructures and networks around the globe.

  • The electricity grid of Ukraine – In late 2015, Ukraine suffered a cyber-attack on its national electricity grid that left more than 600,000 homes without energy.
  • Metallurgical plant in Germany – In 2014, a metallurgical plant in Germany was also attacked. Using social engineering, attackers gained access to an employee’s computer, from which they reached the control system’s internal network. As a result, it became impossible to shut down one of the blast furnaces, which caused massive damage to the plant.
  • Saudi Aramco – In 2012, the world’s largest oil company, Saudi Aramco, became the victim of a targeted attack on its headquarters. An attack on one of the company’s employees gave the attackers access to the network. They then gained access to 30,000 computers at the company. The attackers were able to wipe the contents of all computers at one point while the screen displayed a burning American flag. The attack was claimed by a group “Cutting Sword of Justice.”
  • Tram network in the city of Lodz – In 2008, a 14-year-old student hacked the tram network in the Polish city of Lodz, resulting in four trams derailing and 12 people being injured. The student built an infrared remote control that worked similarly to a TV remote control to control the track crossings.
  • Los Angeles city’s traffic lights – In 2006, two traffic engineers from Los Angeles hacked the city’s traffic lights during an industrial protest. They managed to change some strategically placed signals to keep lights set on red and cause major traffic jams.
  • PDVSA – PDVSA, the Venezuelan oil company, was attacked in December 2002, reducing production from 3 million to 370,000 barrels per day. The attack involved hacking several of the company’s computers and took place while company staff were on strike, suggesting it was carried out by employees.
  • Gas processing plant – A gas processing plant run by a US oil company also suffered an attack in 2001. After a six-month investigation, it was determined that it had been the work of one of the suppliers who created a distraction by hacking three computers to cover up an error, causing a service outage in a European country.

In addition to the attacks aimed specifically at sabotaging infrastructure, incidents that were not targeted at the infrastructure itself have afflicted the following installations, and the consequences have at times been just as serious.

When the SQLSlammer worm made its way into an American oil company’s intranet in 2003, it caused havoc. Although it did not result in a shutdown of production, it impacted internal communications. It took several days to remove it from the network and update systems to prevent future attacks. This worm has been one of the most disruptive to businesses around the world in the past.

In 2003, one of the country’s largest automakers was hit by the SQLSlammer attack, which spread quickly and impacted 17 manufacturing facilities. The company incurred a total cost of $150 million. Even though the patch had been available for six months, the company’s IT managers had yet to apply it.

In Japan, a Mitsubishi Electric employee was infected with malware in 2005, resulting in the leak of confidential inspection documents from two of the company’s nuclear power plants.

This list of incidents demonstrates that cyber-attacks on critical infrastructures are a real threat and that all governments are now aware of the dangers.

It is not easy to answer whether the security of critical infrastructures is currently adequate, since the information and techniques that cybercriminals might use are not known. Therefore, it is impossible to be 100% secure. Yet, to improve prevention of and response to logical attacks, governments around the world are implementing a series of measures. Here are some good practices.

  1. Checking systems for vulnerabilities, especially those with security holes reported and known for some time.
  2. The networks that control these infrastructures should be closely monitored and, if necessary, isolated from the outside world. This will allow external attacks to be detected and access to systems controlled by an internal network to be blocked.
  3. Controlling removable drives is critical for any infrastructure, and not just because they have been used in attacks like Stuxnet. When protecting such critical infrastructure, it is essential to ensure that malware does not enter the internal network via pen drives, and that pen drives are not used to carry confidential information out.
  4. PCs connected to programmable logic controllers (PLCs) should be monitored. These Internet-connected devices are the most vulnerable, as they can give an attacker access to sensitive control systems. Furthermore, even if attackers cannot take control of a system, they can obtain valuable information that can be used in other attack vectors.
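As an added illustration of practices 2 to 4 (this is example code written for this page, not part of the original article), the following Python script scans constructed sample log lines for two conditions a control-network monitor should flag: connections into an assumed PLC segment from outside the assumed engineering-workstation range, and removable-drive mounts on engineering hosts. The address ranges, hostnames, and log format are assumptions.

```python
import ipaddress
import re

# Constructed sample log lines (not from the page): firewall connection events
# plus endpoint events from engineering workstations that talk to PLCs.
# Ports 502 (Modbus/TCP) and 44818 (EtherNet/IP) are common industrial protocols.
SAMPLE_LOGS = """\
2024-01-10T08:01:12 fw conn src=10.20.5.14 dst=10.20.1.7 dport=502 proto=tcp
2024-01-10T08:02:40 fw conn src=203.0.113.9 dst=10.20.1.7 dport=502 proto=tcp
2024-01-10T08:03:05 fw conn src=10.20.5.14 dst=10.20.1.8 dport=44818 proto=tcp
2024-01-10T08:04:00 host=eng-ws-02 usb mount vendor=Generic product=Flash_Disk dev=/dev/sdb1
2024-01-10T08:05:22 fw conn src=198.51.100.4 dst=10.20.1.8 dport=44818 proto=tcp
"""

# Assumed network layout: PLCs live in CONTROL_NET and only the engineering
# segment in ALLOWED_SRC is permitted to reach them (practice 2: isolation).
CONTROL_NET = ipaddress.ip_network("10.20.1.0/24")
ALLOWED_SRC = [ipaddress.ip_network("10.20.5.0/24")]

FW_RE = re.compile(r"^(?P<ts>\S+) fw conn src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
USB_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) usb mount .*dev=(?P<dev>\S+)")


def analyse(log_text):
    """Return a list of (alert_kind, timestamp, detail) tuples for suspicious lines."""
    alerts = []
    for line in log_text.splitlines():
        m = FW_RE.match(line)
        if m:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
            # Any connection into the PLC segment from outside the allowed
            # engineering range is a breach of the isolation boundary.
            if dst in CONTROL_NET and not any(src in net for net in ALLOWED_SRC):
                alerts.append(("control-net-ingress", m["ts"], f"{src}->{dst}:{m['dport']}"))
            continue
        m = USB_RE.match(line)
        if m:
            # Practices 3 and 4: removable media on PLC-connected PCs is always
            # worth an alert, whether it carries malware in or data out.
            alerts.append(("removable-media", m["ts"], f"{m['host']} mounted {m['dev']}"))
    return alerts


if __name__ == "__main__":
    for kind, ts, detail in analyse(SAMPLE_LOGS):
        print(f"{ts} ALERT {kind}: {detail}")
```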