Information and Communication Technology: Enabling and Challenging Critical Infrastructure
Information and communication technology (ICT) is increasingly becoming a part of all critical infrastructures, and thus, there is an increasing need to include ICT in all risk assessments. This chapter explains the dependencies between ICT and other infrastructures and provides an overview of the threats and risks associated with ICT. The chapter also gives an introduction to modelling techniques that is of particular use when performing risk analyses of ICT systems. The chapter ends with recommendations on how to include the ICT aspects in risk assessments of other infrastructures.
KeywordsPetroleum Transportation Marketing Assure SCADA
- 1.Hilbert, M., & López, P. (2011). The world’s technological capacity to store, communicate, and compute information. Science, 332, pp. 60–65. http://www.sciencemag.org/content/332/6025/60.abstract.
- 2.ISO/IEC. (2005). Information security management systems–requirements. ISO/IEC 27001: 2005.Google Scholar
- 3.Albright, D., Brannan, P., & Walrond, C. (2010). Did stuxnet take out 1000 centrifuges at the Natanz enrichment plant? Institute for Science and International Security, 22 Dec 2010. http://isis-online.org/uploads/isis-reports/documents/stuxnet_FEP_22Dec2010.pdf.
- 4.Albright, D., Brannan, P., & Walrond, C. (2011). Stuxnet Malware and Natanz: Update of ISIS 22 Dec 2010 report. Institute for Science and International Security, 15 Feb 2011 http://isis-online.org/uploads/isis-reports/documents/stuxnet_update_15Feb2011.pdf.
- 5.McAfee® Foundstone®. (2011). Professional Services and McAfee Labs™ (2011) Global Energy Cyberattacks: “Night Dragon”, 10 Feb 2011. Available at: http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf.
- 6.Computerworld. (2008). CIA says hackers pulled plug on power grid, 18 Jan 2008 http://www.computerworld.com/s/article/9057999/CIA_says_hackers_pulled_plug_on_power_grid.
- 7.Poulsen, K. (2003). Slammer worm crashed Ohio nuke plant network, SecurityFocus, 19 Aug 2003 http://www.securityfocus.com/news/6767.
- 8.Meland, P. H., Tøndel, I. A., & Jensen, J. (2010). Idea: Reusability of threat models–two approaches with an experimental evaluation. Lecture Notes in Computer Science, 2010, Vols. 5965/2010, pp. 114–122.Google Scholar
- 10.Schneier, B. (Dec 1999). “Attack Trees”. Dr Dobb’s Journal, 24(12). Archived from the original on 6 August 2007. http://www.schneier.com/paper-attacktrees-ddj-ft.html. Retrieved 2007-08-16.Google Scholar
- 11.Line, M. B., Nordland, O., Røstad, L., & Tøndel, I. A. (2006). Safety vs. security? In Proceedings from Probabilistic Safety Assessment and Management (PSAM), New Orleans. ISBN 0-7918-0245-0.Google Scholar
- 12.The Register. (2010). Hackers plant firefox 0-day on Nobel peace prize website, Oct 26, 2010. http://www.theregister.co.uk/2010/10/26/firefox_0day_report/.