Physical Security Threats and Solutions

Advances in Information Technology

Advances in information technology have resulted in the development of new computer-based systems. The mechanisation of large industries has simplified their functioning. This reliance on computer systems has, however, created a severe threat. Hackers have the ability to create malicious computer programs with the intent of damaging industrial control systems (Ismail, Sitnikova & Slay, 2016). This poses a severe danger to the global operability of industrial computer systems, since they remain subject to hostile attacks on the networks that these computers use.

Vulnerability of Industrial Computer Systems

The vulnerability of industrial computer systems is heavily reliant on the networking used by these computers. Industrial computer systems rely on SCADA hardware and software security. SCADA stands for supervisory control and data acquisition (Alcaraz, et al., 2011). It is a computer-based control system widely used for process control in industries and utilities. When SCADA was invented, computing was less advanced and the systems had limited exposure. Today, however, serious advances in technology have increased the vulnerability of all computer systems in the world to attack. SCADA is essential in the industrial sector for its effectiveness in improving efficiency and the quality of processes.

Vulnerability of SCADA Systems

The vulnerability of SCADA systems arises from the crucial role they play in managing important infrastructure in a country. They control key components of industrial automation, including infrastructure responsible for essential services such as power and water. Any breach in the security systems of these companies could have catastrophic consequences for the public (Feldner, 2017). Keeping these systems safe from security threats therefore becomes an essential part of the work of the information and technology department.

Successful Attacks on Utility Infrastructures

There have been several successful attacks on utility infrastructures that have shown the vulnerability of SCADA systems throughout the world. The attacks are largely blamed on heavy reliance on automation as well as the increasing connectivity of industrial systems. Most of the attacks occur when a worm is introduced into an industrial network to replicate and to silently monitor traffic, recording all activity. It has been established that cybercriminals may wait for months or years before launching an attack on the systems. The vulnerability of SCADA systems is largely characterised by inadequate monitoring of the networks, which makes it impossible to track potentially suspicious activity (Geers, Kindlund, Moran & Rachwald, 2014). Slow updates further expose SCADA systems to attack as both systems and malware advance. Consistent updating is essential for the maximum protection of a SCADA system. The ability of SCADA systems to have connected devices for remote monitoring is another vulnerability that subjects the systems to attacks. The devices used for monitoring should match the level of technological advancement of the systems.

Attacks on Power Companies

Power companies have been the major targets of cyber-attacks. In 2016, the United States Justice Department stated that Iran had managed to infiltrate the command controls of a dam in Rye Brook, New York. The attackers managed to compromise the command and control system using a cellular modem. The attack on the Natanz nuclear plant in Iran in 2010 remains the most significant attack on SCADA systems (Langø, 2016). The attackers infiltrated the systems and caused the centrifuges to spin beyond their limit, damaging a fifth of them. The attackers, who may have been from the United States and Israel, infiltrated the systems in the plant and relayed past automatic updates while they managed to cause the damage to the centrifuges. When a number of the centrifuges broke down as a result of excessive spinning, the workers did not immediately identify the problem (Romanosky, 2016). The management of the plant had to wait a number of days after contracting a Belarus-based IT company, which discovered the presence of malicious activity in their systems.

The Presidential Policy Directive 21

The Presidential Policy Directive 21 is a white paper policy that seeks to evaluate the effective measures that can be undertaken to strengthen critical infrastructure that supports the mission of the United States. The measures are to provide an effective and resilient strategy for ensuring overall cyber safety for the United States. The policy further encompasses foreign governments that hold critical facilities of the United States (Carr, 2014). Information security ranks as one of the most important components of PPD 21, which seeks to eliminate all hazards that could have a debilitating influence on economic stability, public health, and national security. The policy fails to propose any new regulation on information security and the provision of critical infrastructure.

Virtual Center and Private Partnerships

The directive proposes the establishment of a virtual centre under the Department of Homeland Security that would ensure centralized information dissemination and collection. The centre is tasked with providing efficient situational awareness that includes integrated, actionable information and emerging trends (Tiirmaa-Klaar, 2016). The directive ought to include private partnerships in the development of resilient cyber security infrastructures that aim at protecting the interests of the American public. It is essential for the government to tap into the existing expertise in the private sector when developing a nationwide infrastructure. The policy should further help in the development of infrastructure capable of providing the real-time situational awareness that is necessary for the development of critical infrastructures. The ability to provide proof of concept for each of the essential segments of critical infrastructure will help in ensuring the success of the policy.

Resilient Infrastructure

PPD 21 seeks to expand on the work that has been accomplished on physical security by strengthening critical infrastructure for cybersecurity. It recognizes the threat posed by cybercriminals as a result of the increased automation of major infrastructures. The policy, therefore, seeks to provide resilient infrastructure (Feldner, 2017). Resilient infrastructure is defined as the ability of interconnected ecosystems to absorb a disruption and still hold their structural capacity and perform their basic functions.

Protecting the Physical Environment

The ability of a country to avert any attack on its cyberspace is essential in protecting the physical environment. Cyber threats are mostly aimed at remotely disrupting physical infrastructure (Romanosky, 2016). For example, an attack on the power grid of a country will render communication and transportation systems ineffective, making them vulnerable to physical attack. A cyber-attack on transportation can lead to collisions, with devastating impacts on the general public.


In conclusion, the threat of cyber-attacks has become significant with increased interconnection of critical infrastructure and heavy reliance on automation. This poses a challenge to the security agents. Cyber-attacks have opened a new frontier of attacks and warfare that is bound to have a huge impact on the safety of the public. The government should enact necessary legislation and plans to secure the general public from imminent attacks.


Alcaraz, C., Lopez, J., Zhou, J., & Roman, R. (2011). Secure SCADA framework for the protection of energy control systems. Concurrency and Computation: Practice and Experience, 23(12), 1431-1442.

Carr, J. (2014). Responsible Attribution: A Prerequisite for Accountability. NATO Cooperative Cyber Defence Centre of Excellence, Tallinn Paper, (6).

Feldner, D. (2017). Sovereign Decisions as a Means for Strengthening Our Resilience in a Digitalized World. In Sustainability in a Digital World (pp. 59-75). Springer International Publishing.

Geers, K., Kindlund, D., Moran, N., & Rachwald, R. (2014). World War C: Understanding nation-state motives behind today’s advanced cyber attacks. Technical Report, FireEye.

Ismail, S., Sitnikova, E., & Slay, J. (2016). SCADA Systems Cyber Security for Critical Infrastructures: Case Studies in Multiple Sectors. International Journal of Cyber Warfare and Terrorism (IJCWT), 6(3), 79-95.

Langø, H. I. (2016). Cyber Security Capacity Building: Security and Freedom.

Romanosky, S. (2016). Examining the costs and causes of cyber incidents. Journal of Cybersecurity, 2(2), 121-135.

Tiirmaa-Klaar, H. (2016). Building national cyber resilience and protecting critical information infrastructure. Journal of Cyber Policy, 1(1), 94-106.
