The specific and essential characteristics of a Critical infrastructure are: It operates 7 days a week, 24 hours a day AND:
Their operations require information systems and networks, sensors and other mechanisms for data acquisition.
Critical infrastructures are frequently required to operate physical devices such as cash dispensers (ATM), motors (to switch a railroad track) and robotic systems (in manufacturing).
It is part of a supply chain – failure to operate propagates to/from other entities that may also be critical infrastructures, creating a domino effect.
This definition applies to utilities (electricity, gas, water), transportation (air traffic control, airport operations, railways), all continuous manufacturing (oil refineries, glass and paper processing), banking (ATM networks and online), telecommunications (fixed line and mobile telephony, internet service providers) and many more. All of these are “invisible” when operational. When they fail, this almost invariably makes the news headlines.
Attacks on critical infrastructures are becoming more sophisticated: a significant event was the use of the Stuxnet software to disrupt Iran’s uranium enrichment processing facilities, first made public in June 2010.
Experts have described Stuxnet as a “military-grade cyber-missile” and software experts that analysed Stuxnet2 reported that: “We’ve definitely never seen anything like this before”. The journal Computer World called it “one of the most sophisticated and unusual pieces of software ever created”.
Since then there have been other successful attacks on critical infrastructures in many countries. One attack in August 2012 had as its target Saudi Aramco where the Shamoon virus infected 30,000 personal computers, deleted their data and replaced it with images of a burning U.S. flag. The source of the attack remains unidentified.
Cyber-attacks and the prospect of a cyber-war (an event for which there is no agreed definition so far) expose the operators of critical infrastructures to disruptions and the corruption or destruction of data.
đang được dịch, vui lòng đợi..