Critical Infrastructure Cybersecurity : A Review of Recent Threats and Violations

Abstract

Most of current industries and their critical infrastructure rely heavily on the Internet for everything. The increase in the online services and operations for various industries has led to an increase in different security threats and malicious activities. In US, the department of homeland security reported recently that there have been 200 attacks on core critical infrastructures in the transportation, energy, and communication industries (Erwin et al., 2012). This paper is concerned with the growing dependence of modern society on the Internet, which has become an ideal channel and vital source of malicious activities and various security threats. These threats could have an impact on different distributed systems within and across all the critical infrastructures, such as industrial networks, financial online systems and services, nuclear power generation and control systems, airlines and railway traffic controllers, satellite communication networks, national healthcare information systems … etc. The major problem is that the existing Internet mechanisms and protocols are not appropriately designed to deal with such recently developed problems. Therefore, a rigorous research is required to develop security approaches and technologies that are capable of responding to this new evolving context. This paper presents various security threats and incidents over the past recent years on different critical infrastructure domains. It introduces some security measures including vulnerability assessment and penetration testing approaches for critical infrastructure.