Cyber threats to critical information infrastructure

Abstract

Chapter Overview: All critical infrastructures are dependent on computer information infrastructures for management, control, and communications. The government defines a critical infrastructure as systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety (DHS 2012). Critical information infrastructure (CII) facilities use special equipment to control or manage telecommunications, air transportation, the financial sector, the electric power grid and many other services important for the economy and daily activity. Cyber attacks against these and other critical infrastructure facilities can potentially disrupt services over widespread areas and for long periods. Critical infrastructure equipment systems have unique security vulnerabilities that can make them appear to be relatively easy targets for cyber espionage or cyber sabotage. Examples of cyber attacks aimed at CII facility equipment vulnerabilities include malicious computer programs called Flame and Stuxnet, which were reportedly created by the U.S. and Israel for cyber espionage and sabotage against critical nuclear industrial facilities in Iran. In the U.S., officials have warned that cyber attacks by nations, criminals, or extremists and terrorists could soon overtake traditional violent terrorist attacks as the top threat to U.S. national security (Nakashima, Senate Ready to take up cybersecurity bill that critics say is too weak, 2012). This chapter explores emerging cyberterrorism threats to critical information infrastructures. It discusses the special cyber vulnerabilities found in industrial control systems that operate critical infrastructure facilities. These special vulnerabilities help make important critical infrastructures look like easy targets for possible cyberterrorist attacks.
This is followed by a description of malicious zero-day exploits, which provide sophisticated stealth characteristics that can help to secretly insert malicious code into critical infrastructure systems for espionage and for cyber sabotage. Hackers and cyber experts may knowingly or unknowingly sell these zero-day exploits and malicious code to extremists or terrorist groups. Governments and businesses may also use the stealth features of zero-day exploit code to insert malicious cyber code into critical infrastructures of businesses or nations which may later be activated for cyber sabotage. As Western governments continue to use pre-emptive cyber strikes to enforce unilateral policy decisions, this may encourage retaliatory cyberattacks from extremists or terrorists that target critical infrastructures in the West. Analysis of the code for Flame and Stuxnet has been shared widely among teams of researchers and teams of hackers in several countries, and copies of the code have become an open repository for re-usable malicious technology. It is likely that extremists and terrorists may now also have access to copies of the malicious technologies available in this repository that can be used as models for future cyberterrorist attacks directed against critical infrastructures in Western nations.

Wilson, C. (2014). Cyber threats to critical information infrastructure. In Cyberterrorism: Understanding, Assessment, and Response (Vol. 9781493909629, pp. 123–136). Springer New York. https://doi.org/10.1007/978-1-4939-0962-9_7
