Critical Infrastructure

Information Warfare and Critical Infrastructure: The Combined Power of Information Warfare Threats

Abstract:

Critical Infrastructure (CI) is an area that has historically been rife with vulnerabilities, open to foreign and domestic threats. Recent events such as the Colonial Pipeline and JBS Foods provider ransomware attacks highlight the need for better security and resiliency from cyber threats. However, within the Information Warfare (IW) constructs that have become increasingly refined by peer adversaries like China and Russia, the areas of Electromagnetic Warfare (EW), Intelligence, Surveillance, and Reconnaissance (ISR), and Information Operations (IO) have become equally important to consider in the panoply of IW. This raises the important question regarding whether CI assets are adequately protected from the full complement of IW threats. Each IW area will be discussed from a threat perspective and examples will be presented to show how these threats can be combined to disrupt, deny, and destroy CI and CI assets with special attention given to peer and non-peer adversaries and the asymmetric advantages of each.

Cyber Pirates Ahoy! An Analysis of Cybersecurity Challenges in the Shipping Industry

Abstract:

Maritime shipping has become a trillion-dollar industry that now impacts the economy of virtually every country around the world. It is therefore no surprise that countries and companies have spent billions of dollars to modernize shipping vessels and ports with various technologies. However, the implementation of these technologies has also caught the attention of cybercriminals. For example, a cyberattack on one shipping company resulted in nearly $300 million in financial losses. Hence, this paper describes cybersecurity vulnerabilities present in the international shipping business. The contribution of this paper is the identification and dissection of cyber vulnerabilities specific to the shipping industry, along with how and why these potential vulnerabilities exist.

Space Systems Security: A Definition and Knowledge Domain for the Contemporary Context

Abstract:

A second space race has taken off and it is driving the rapid deployment of modernised satellites and other space systems that each introduce new security risks to an aged and already vulnerable ecosystem. The engineering, science, and technology aspects of space security are currently understudied and disjointed, leading to fragmented research and inconsistent terminology. This paper details the results of a global survey of space security experts to define Space Systems Security and the scope of its interdisciplinary knowledge domain. It also provides a review of current space security literature and examines the contemporary space systems context from a security perspective.

Solvability, Operability, and Security for Cyber-Physical Systems: New Computational Methods with Revised Assumptions

Abstract:

This paper discusses the use and integration of disparate but complementary tools for dealing with solvability, operability, and security challenges in Cyber-Physical Systems (CPSs): the Koopman operator for solvability, disjunctive programming for operability, and multi-level optimisation for security. These methods can obviate the need for some of the traditional assumptions used in modelling CPSs. This paper demonstrates the methods’ capabilities and considers ways to advance each method individually. It concludes by discussing how to integrate the different methods and identify useful synergies generated by doing so.

Testing the Fault Tolerance of a Backup Protection System Using SPIN

Abstract: 

This article advocates the use of automated model checking to find vulnerabilities in cyber-physical systems. Cyber-physical systems are increasingly prevalent in daily life. Smart grids, in particular, are becoming more interconnected and autonomously run. While there are advantages to the evolving critical infrastructure, new challenges arise in designing fault-tolerant cyber-physical systems. Tools for automated model checking are a key asset in designing and evaluating cyber-physical systems and their components to maximize robustness and to pinpoint vulnerabilities so that they can be mitigated as early in the design process as possible. As a proof of concept for this model checking concept, this paper tests the fault tolerance of a Wide-Area Backup Protection System (WABPS). Each line in the WABPS incorporates a pair of autonomous agents, hosted on intelligent electronic devices (IEDs), which monitor the status of the line and make decisions regarding the safety of the grid.

Critical Infrastructure: Where Do We Stand Today? A Comprehensive and Comparative Study of the Definitions of a Critical Infrastructure

Abstract:

The concept of ‘critical infrastructure’ has become a key issue as far as the cyber dimension is concerned. All industrialized nation-states that depend on information and communication technologies have defined this concept or established a list of critical sectors to identify their critical infrastructures. Despite the high number of definitions, none of them considers a realistic view of a critical infrastructure as it tends to be reduced to its simple computerized dimension.

On the Importance of Protecting Critical Infrastructure related Engineering Descriptor Information (CIEDI)

ABSTRACT

The international security situation has led to increased concern regarding malicious attacks against critical infrastructure (CI). CI encompasses a number of essential services some of which are water, electricity, and gas supply. For all such service-based assets there exists engineering information that includes architectural blueprints, structural composition data, and layout schema of key facilities. Such information exists within electronic systems and on paper as well. This paper argues that CIEDI must be recognized as part of the overall national CI as access to such information may assist attack on the CI itself. This paper proposes a definition of CIEDI and suggests CIEDI be addressed as part of the overall organizational security lifecycle with emphasis on maintaining uniform standards across physical and cyber media.

Cyber Terrorism: An Examination of the Critical Issues

ABSTRACT

This paper examines the critical issues relevant to Cyber terrorism. A review of the literature indicates that incidences of computer crime and cyber terrorism are increasing. The cyber attacks on the U.S.’s critical infrastructure are no longer random, but rather are coordinated and precise. The types of attacks are discussed and documented instances are examined. Lastly, policy recommendations are discussed to further assist the U.S. in defending its critical infrastructures and essential operations.

Modelling Critical Infrastructure Systems

ABSTRACT

This paper examines the basis of what constitutes a system/s and discusses the commonalities in relation to critical infrastructure systems. It focuses on identifying, and discussing system characteristics, complexity, inter-relationships, dynamics and the importance of modelling as applied to critical infrastructure systems. It then considers four differing system-modelling styles with the view to assess and discuss their potential to model critical infrastructure systems, ahead of selecting the most promising and suitable for adoption to critical infrastructure system modelling.

Minimizing Network Risk with Application to Critical Infrastructure Protection

ABSTRACT

The risk posed by natural disasters and terrorist attacks on critical infrastructure sectors such as the power grid, water supply, and telecommunication systems can be modeled by network risk. However, there is currently no definition of risk for a network. A new definition of network risk is proposed and applied to optimal allocation of a fixed budget such that network risk is minimized for two cost models: linear and non-linear. It is shown that in both cases, risk minimization is achieved by ranking nodes and links according to their damage value and degree sequence. Furthermore, the critical nodes and links are identified as those with the highest allocation of funds.

Safeguarding Australia from Cyber-terrorism: A Proposed Cyber-terrorism SCADA Risk Framework for Australia

ABSTRACT

In theory terrorist groups are currently using information and communication technologies (ICTs) to orchestrate their conventional attacks. More recently, terrorists have been developing a new form of capability within the cyber arena to coordinate cyber based attacks. This paper examines a cyber-terrorism SCADA risk framework. The paper proposes a high level managerial framework which is designed to measure and protect SCADA systems from the threat of cyber-terrorism within Australia.  

Cyber Terrorism Awareness within the New Zealand Critical Infrastructure

ABSTRACT

Dependence on computers has transformed information technology into a potential terrorist target. Prevention of Cyber terrorism should be part of holistic national security policy. This paper analyses the results of a study that indicates New Zealand’s critical infrastructure is not ready for a cyber terrorist attack and gives some recommendations.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
