Information and Communication Technology: Enabling and Challenging Critical Infrastructure

Chapter
Part of the Springer Series in Reliability Engineering book series (RELIABILITY)

Abstract

Information and communication technology (ICT) is increasingly becoming a part of all critical infrastructures, and thus, there is an increasing need to include ICT in all risk assessments. This chapter explains the dependencies between ICT and other infrastructures and provides an overview of the threats and risks associated with ICT. The chapter also gives an introduction to modelling techniques that is of particular use when performing risk analyses of ICT systems. The chapter ends with recommendations on how to include the ICT aspects in risk assessments of other infrastructures.

Keywords

Unify Modelling Language Information Security Critical Infrastructure Attack Tree Case Diagram 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Hilbert, M., & López, P. (2011). The world’s technological capacity to store, communicate, and compute information. Science, 332, pp. 60–65. http://www.sciencemag.org/content/332/6025/60.abstract.
  2. 2.
    ISO/IEC. (2005). Information security management systems–requirements. ISO/IEC 27001: 2005.Google Scholar
  3. 3.
    Albright, D., Brannan, P., & Walrond, C. (2010). Did stuxnet take out 1000 centrifuges at the Natanz enrichment plant? Institute for Science and International Security, 22 Dec 2010. http://isis-online.org/uploads/isis-reports/documents/stuxnet_FEP_22Dec2010.pdf.
  4. 4.
    Albright, D., Brannan, P., & Walrond, C. (2011). Stuxnet Malware and Natanz: Update of ISIS 22 Dec 2010 report. Institute for Science and International Security, 15 Feb 2011 http://isis-online.org/uploads/isis-reports/documents/stuxnet_update_15Feb2011.pdf.
  5. 5.
    McAfee® Foundstone®. (2011). Professional Services and McAfee Labs™ (2011) Global Energy Cyberattacks:Night Dragon”, 10 Feb 2011. Available at: http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf.
  6. 6.
    Computerworld. (2008). CIA says hackers pulled plug on power grid, 18 Jan 2008 http://www.computerworld.com/s/article/9057999/CIA_says_hackers_pulled_plug_on_power_grid.
  7. 7.
    Poulsen, K. (2003). Slammer worm crashed Ohio nuke plant network, SecurityFocus, 19 Aug 2003 http://www.securityfocus.com/news/6767.
  8. 8.
    Meland, P. H., Tøndel, I. A., & Jensen, J. (2010). Idea: Reusability of threat models–two approaches with an experimental evaluation. Lecture Notes in Computer Science, 2010, Vols. 5965/2010, pp. 114–122.Google Scholar
  9. 9.
    Sindre, G., & Opdahl, A. L. (2005). Eliciting security requirements with misuse cases. Requirements Engineering, 10(1), 34–44.CrossRefGoogle Scholar
  10. 10.
    Schneier, B. (Dec 1999). “Attack Trees”. Dr Dobb’s Journal, 24(12). Archived from the original on 6 August 2007. http://www.schneier.com/paper-attacktrees-ddj-ft.html. Retrieved 2007-08-16.Google Scholar
  11. 11.
    Line, M. B., Nordland, O., Røstad, L., & Tøndel, I. A. (2006). Safety vs. security? In Proceedings from Probabilistic Safety Assessment and Management (PSAM), New Orleans. ISBN 0-7918-0245-0.Google Scholar
  12. 12.
    The Register. (2010). Hackers plant firefox 0-day on Nobel peace prize website, Oct 26, 2010. http://www.theregister.co.uk/2010/10/26/firefox_0day_report/.
  13. 13.
    Jaatun, M. G., Albrechtsen, E., Line, M. B., Tøndel, I. A., & Longva, O. H. (2009). A framework for incident response management in the petroleum industry. International Journal of Critical Infrastructure Protection, 2, 26–37.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag London 2012

Authors and Affiliations

  1. 1.SINTEF ICTTrondheimNorway

Personalised recommendations