The IRMA Community
Newsletters
Research IRM
Click a keyword to search titles using our InfoSci-OnDemand powered search:
|
A White Hat Study of a Nation's Publicly Accessible Critical Digital Infrastructure and a Way Forward
|
|
Author(s): Timo Kiravuo (Aalto University, Helsinki, Finland), Seppo Tiilikainen (Aalto University, Helsinki, Finland), Mikko Särelä (Aalto University, Helsinki, Finland)and Jukka Manner (Aalto University, Helsinki, Finland)
Copyright: 2020
Pages: 14
Source title:
Cyber Warfare and Terrorism: Concepts, Methodologies, Tools, and Applications
Source Author(s)/Editor(s): Information Resources Management Association (USA)
DOI: 10.4018/978-1-7998-2466-4.ch098
Purchase
|
Abstract
The developed society depends on many critical infrastructure processes, such as power generation, water treatment, many types of manufacturing, and smart buildings. These processes need control and the automation industry has embraced the Internet to connect all these controls. However, the controlling devices thus opened to the world do not always have adequate safeguards to withstand malicious users. Many automation systems have default passwords or known and unknown backdoors. Also, often those systems are not updated to close security weaknesses found after original installation. The authors argue that while the industry is familiar with the notion of safety of equipment and processes, it has not focused enough on IT security. Several years ago the Shodan search engine showed how easy it is to find these control devices on the Internet. The authors followed this research line further by targeting one nation's IP address space with Shodan and found thousands of control systems, many of which represent models and versions with known vulnerabilities. Their first contribution is presenting these findings and analyzing their significance. Their study started in 2012 and the most recent results are from the end of 2015. To gain further knowledge, they have built a prototype scanner capable of finding industrial control systems. This lets the authors evaluate the possibility of performing routine scans to gauge the vulnerability of a nation. Their second contribution is to present a template for a national Internet scanning program. The authors discuss the technology, performance, and legality of such a program. Based on their findings and analysis they argue that nations should continuously monitor their own Internet address space for vulnerabilities. The authors' findings indicate that the current level of vulnerabilities is significant and unacceptable. Scanning a nation's critical infrastructure can be done in minutes, allowing them to keep a tight control of vulnerabilities. Yet, in addition, the authors need to extend current legislation and the rights of government officials to bring more security in national critical infrastructures; this discussion is their third contribution. The cyber-space has become a playing field for criminals, terrorists and nation states, all of which may have a motive to disrupt the daily life of a nation, and currently causing such disruptions is too easy.
Related Content
|
Siva Raja Sindiramutty, Noor Zaman Jhanjhi, Chong Eng Tan, Navid Ali Khan, Bhavin Shah, Amaranadha Reddy Manchuri.
© 2024.
58 pages.
|
|
Imdad Ali Shah, Raja Kumar Murugesan, Samina Rajper.
© 2024.
31 pages.
|
|
Rana Muhammad Amir Latif, Muhammad Farhan, Navid Ali Khan, R. Sujatha.
© 2024.
33 pages.
|
|
Imdad Ali Shah, Areesha Sial, Sarfraz Nawaz Brohi.
© 2024.
25 pages.
|
|
Kassim Kalinaki, Wasswa Shafik, Sarah Namuwaya, Sumaya Namuwaya.
© 2024.
24 pages.
|
|
Imdad Ali Shah, N. Z. Jhanjhi, Humaira Ashraf.
© 2024.
24 pages.
|
|
Rida Zehra.
© 2024.
18 pages.
|
|
|