
Introduction


Abstract

This chapter opens the book by introducing the characteristics and particularities of critical infrastructures. Their existence and interplay form a vital pillar of contemporary societies, and their protection is a top duty of governments and security research. Recent years have shown a paradigm shift in cyber-attacks, from specific individual threat and attack scenarios to a combination of various attack types and strategies that we today call an advanced persistent threat (APT). This term describes a diverse class of attacks that all share a set of common characteristics, presenting new challenges to security that demand urgent and continuous action by practitioners, researchers and every stakeholder of a critical infrastructure. The main focus of the book is game theory as a tool to establish security against APTs. To this end, the introduction starts with the abstract characteristics of an APT and illustrates them with a set of selected, documented real-life cases of APTs, which end the chapter.

The man who is a pessimist before 48 knows too much; if he is an optimist after it he knows too little. M. Twain




© 2020 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Rass, S., Schauer, S., König, S., Zhu, Q. (2020). Introduction. In: Cyber-Security in Critical Infrastructures. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-46908-5_1


  • DOI: https://doi.org/10.1007/978-3-030-46908-5_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-46907-8

  • Online ISBN: 978-3-030-46908-5

  • eBook Packages: Computer Science, Computer Science (R0)
