The digitization of the electric energy grid enlarges its attack surface and makes the infrastructure increasingly vulnerable to digital warfare. Therefore, national legislation is central to defending critical energy infrastructure against terrorist and nation-state attacks in cyberspace. Still, previous studies have found shortcomings in cybersecurity legislation. To support smaller countries in their policymaking, this study describes a normative ideal in the form of a consolidated security policy framework. The framework consists of 25 policies that are based on cybersecurity and privacy rules of five countries with strong cyber defence capabilities; the framework addresses five cyberattack scenarios with a very high consequence potential. This study shows that the consolidated policies provide a holistic cyber defence framework, covering strategic, tactical, and operational levels, including obligations on both authority and industry levels.
Amidst the digital revolution, cyber-enabled critical infrastructures are the foundation of societal operations. However, this interconnectivity introduces risks such as cascading failures where disruptions in the power grid affect multiple systems. Global collaboration becomes inescapable in forming holistic approaches that evolve alongside continuous technological advancements to enhance infrastructure resilience. Before these approaches can truly succeed, it is imperative to understand the decision-making processes within these environments and effectively mitigate biases that may alter priorities. This study investigates subconscious biases stemming from perceived solutions, intending to anticipate their potential impact on decision-making prioritization and enhance overall cybersecurity in critical infrastructure resilience.
Critical Infrastructure (CI) is an area that has historically been rife with vulnerabilities, open to foreign and domestic threats. Recent events such as the Colonial Pipeline and JBS Foods provider ransomware attacks highlight the need for better security and resiliency from cyber threats. However, within the Information Warfare (IW) constructs that have become increasingly refined by peer adversaries like China and Russia, the areas of Electromagnetic Warfare (EW), Intelligence, Surveillance, and Reconnaissance (ISR), and Information Operations (IO) have become equally important to consider in the panoply of IW. This raises the important question regarding whether CI assets are adequately protected from the full complement of IW threats. Each IW area will be discussed from a threat perspective and examples will be presented to show how these threats can be combined to disrupt, deny, and destroy CI and CI assets with special attention given to peer and non-peer adversaries and the asymmetric advantages of each.
Maritime shipping has become a trillion-dollar industry that now impacts the economy of virtually every country around the world. It is therefore no surprise that countries and companies have spent billions of dollars to modernize shipping vessels and ports with various technologies. However, the implementation of these technologies has also caught the attention of cybercriminals. For example, a cyberattack on one shipping company resulted in nearly $300 million in financial losses. Hence, this paper describes cybersecurity vulnerabilities present in the international shipping business. The contribution of this paper is the identification and dissection of cyber vulnerabilities specific to the shipping industry, along with how and why these potential vulnerabilities exist.
A second space race has taken off and it is driving the rapid deployment of modernised satellites and other space systems that each introduce new security risks to an aged and already vulnerable ecosystem. The engineering, science, and technology aspects of space security are currently understudied and disjointed, leading to fragmented research and inconsistent terminology. This paper details the results of a global survey of space security experts to define Space Systems Security and the scope of its interdisciplinary knowledge domain. It also provides a review of current space security literature and examines the contemporary space systems context from a security perspective.
This paper discusses the use and integration of disparate but complementary tools for dealing with solvability, operability, and security challenges in Cyber-Physical Systems (CPSs): the Koopman operator for solvability, disjunctive programming for operability, and multi-level optimisation for security. These methods can obviate the need for some of the traditional assumptions used in modelling CPSs. This paper demonstrates the methods’ capabilities and considers ways to advance each method individually. It concludes by discussing how to integrate the different methods and identify useful synergies generated by doing so.
This article advocates the use of automated model checking to find vulnerabilities in cyber-physical systems. Cyber-physical systems are increasingly prevalent in daily life. Smart grids, in particular, are becoming more interconnected and autonomously run. While there are advantages to the evolving critical infrastructure, new challenges arise in designing fault-tolerant cyber-physical systems. Tools for automated model checking are a key asset in designing and evaluating cyber-physical systems and their components to maximize robustness and to pinpoint vulnerabilities so that they can be mitigated as early in the design process as possible. As a proof of concept for this model checking concept, this paper tests the fault tolerance of a Wide-Area Backup Protection System (WABPS). Each line in the WABPS incorporates a pair of autonomous agents, hosted on intelligent electronic devices (IEDs), which monitor the status of the line and make decisions regarding the safety of the grid.
The concept of ‘critical infrastructure’ has become a key issue as far as the cyber dimension is concerned. All industrialized nation-states that depend on information and communication technologies have defined this concept or established a list of critical sectors to identify their critical infrastructures. Despite the high number of definitions, none of them considers a realistic view of a critical infrastructure as it tends to be reduced to its simple computerized dimension.
The international security situation has led to increased concern regarding malicious attacks against critical infrastructure (CI). CI encompasses a number of essential services, some of which are water, electricity, and gas supply. For all such service-based assets there exists engineering information that includes architectural blueprints, structural composition data, and layout schema of key facilities. Such information exists within electronic systems and on paper as well. This paper argues that CIEDI must be recognized as part of the overall national CI, as access to such information may assist an attack on the CI itself. This paper proposes a definition of CIEDI and suggests that CIEDI be addressed as part of the overall organizational security lifecycle, with emphasis on maintaining uniform standards across physical and cyber media.
This paper examines the critical issues relevant to Cyber terrorism. A review of the literature indicates that incidences of computer crime and cyber terrorism are increasing. The cyber attacks on the U.S.’s critical infrastructure are no longer random, but rather are coordinated and precise. The types of attacks are discussed and documented instances are examined. Lastly, policy recommendations are discussed to further assist the U.S. in defending its critical infrastructures and essential operations.
This paper examines the basis of what constitutes a system/s and discusses the commonalities in relation to critical infrastructure systems. It focuses on identifying, and discussing system characteristics, complexity, inter-relationships, dynamics and the importance of modelling as applied to critical infrastructure systems. It then considers four differing system-modelling styles with the view to assess and discuss their potential to model critical infrastructure systems, ahead of selecting the most promising and suitable for adoption to critical infrastructure system modelling.
The risk posed by natural disasters and terrorist attacks on critical infrastructure sectors such as the power grid, water supply, and telecommunication systems can be modeled by network risk. However, there is currently no definition of risk for a network. A new definition of network risk is proposed and applied to optimal allocation of a fixed budget such that network risk is minimized for two cost models: Linear and non-linear. It is shown that in both cases, risk minimization is achieved by ranking nodes and links according to their damage value and degree sequence. Furthermore, the critical nodes and links are identified as those with the highest allocation of funds.
In theory terrorist groups are currently using information and communication technologies (ICTs) to orchestrate their conventional attacks. More recently, terrorists have been developing a new form of capability within the cyber arena to coordinate cyber based attacks. This paper examines a cyber-terrorism SCADA risk framework. The paper proposes a high level managerial framework which is designed to measure and protect SCADA systems from the threat of cyber-terrorism within Australia.
Dependence on computers has transformed information technology into a potential terrorist target. Prevention of Cyber terrorism should be part of holistic national security policy. This paper analyses the results of a study that indicates New Zealand’s critical infrastructure is not ready for a cyber terrorist attack and gives some recommendations.
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.