Abstract
This chapter opens the book by introducing the characteristics and particularities of critical infrastructures. Their existence and interplay form a vital pillar of contemporary societies, and their protection is a top duty of governments and security research. Recent years have shown a paradigm shift in cyber-attacks, from specific individual threat and attack scenarios to a modern combination of various attack types and strategies, which we today call an advanced persistent threat (APT). This term describes a diverse class of attacks that all share a set of common characteristics, presenting new challenges to security that demand urgent and continuous action by practitioners, researchers and every stakeholder of a critical infrastructure. The main focus of the book is describing game theory as a tool to establish security against APTs. To this end, the introduction starts with the abstract characteristics of an APT and showcases them with a set of selected real-life documented cases of APTs, which end the chapter.
The man who is a pessimist before 48 knows too much; if he is an optimist after it he knows too little. M. Twain
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Rass, S., Schauer, S., König, S., Zhu, Q. (2020). Introduction. In: Cyber-Security in Critical Infrastructures. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-46908-5_1
DOI: https://doi.org/10.1007/978-3-030-46908-5_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-46907-8
Online ISBN: 978-3-030-46908-5
eBook Packages: Computer Science (R0)