Skip to main content
SpringerLink
Log in

Understanding Cyber Threats and Vulnerabilities

  • Chapter
Critical Infrastructure Protection

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7130))

Abstract

This chapter reviews current and anticipated cyber-related threats to the Critical Information Infrastructure (CII) and Critical Infrastructures (CI). The potential impact of cyber-terrorism to CII and CI has been coined many times since the term was first coined during the 1980s. Being the relevance to consider possible threats and their impact, this paper provides a systematic treatment of actors, tools and potential effects. Some future risk to the CII is discussed as well.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. EC: Council Directive 2008/114/EC, of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection, EC, Brussels, Belgium (2008)

    Google Scholar 

  2. ENISA Glossary, http://www.enisa.europa.eu/act/res/files/glossary

  3. Wiener, N.: Cybernetics or Control and Communication in the Animal and the Machine. The Technology Press John Wiley & Sons, Inc., New York (1948)

    Google Scholar 

  4. Council of Europe, Convention on Cyber-crime, CETS No.: 185, Budapest (November 23, 2001), http://conventions.coe.int (last visited May 08, 2011) Note: the CETS No.: 290 has changed the title into ’Convention on Cybercrime’

  5. EC, Towards a general policy on the fight against cyber crime , Communications from the Commission to the European Parliament, the Council and the Committee of the Regions, COM(2007) 267 final, Brussels, Belgium (2007), http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2007:0267:FIN:EN:PDF (last visited May 08, 2011)

  6. Rauscher, K.F., Yashenko, V.: Russia-U.S. Bilaterial on Cyber Security: Critical Terminology Foundations, EastWest Institute (2011), http://www.ewi.info/system/files/reports/Russia-U%20S%20%20bilateral%20on%20terminology%20v76%20%282%29.pdf ( last visited May 08, 2011)

  7. Derived from, http://defensetech.org/2009/01/09/peeking-into-private-data (last visited May 08, 2011)

  8. NATO: NATO MC0571, NATO Cyber Defence Concept, Brussels, Belgium (2008)

    Google Scholar 

  9. Scheuer, M.: Al-Quada Doctrine for International Political Warfare. Terrorism Focus III(42) (2006), http://jamestown.org/terrorism/news/uploads/tf_003_042.pdf (last visited May 08, 2011)

  10. Denning, D.E.: Cyberterrorism. Testimony before the Special Oversight Panel on Terrorism Committee on Armed Services U.S. House of Representatives (2003), http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html (last visited May 08, 2011)

  11. Denning, D.E.: Is Cyber Terror Next?, Social Science Research Council (2001), http://www.ssrc.org/sept11/essays/denning.htm (last visited May 08, 2011)

  12. Lewis, J.A.: Assessing the risk of cyber terrorism, cyber war and other cyber threats, Center for Strategic and International Studies (2002) http://www.csis.org/tech/0211_lewis.pdf (last visited May 08, 2011)

  13. Pollitt, M.M.: Cyberterrorism: Fact or Fancy? In: Proceedings of the 20th National Information Systems Security Conference, Baltimore (1997)

    Google Scholar 

  14. Luiijf, H.A.M.: Cyberterrorisme. In: Muller, E.R., Rosenthal, U., de Wijk, R. (eds.) Bundel Terrorisme, pp. 149–168. Kluwer (2008)

    Google Scholar 

  15. Luiijf, H.A.M., Nieuwenhuijs, A.H.: Extensible Threat Taxonomy for Critical Infrastructures. Int’l Journal on Critical Infrastructures 4(4), 409–417 (2008)

    Article  Google Scholar 

  16. Luiijf, H.A.M., Nieuwenhuijs, A.H., Klaver, M.H.A., van Eeten, M.J.G., Cruz, E.: Empirical findings on European critical infrastructure dependencies. Int. J. System of Systems Engineering 2(1), 3–18 (2010)

    Article  Google Scholar 

  17. TNO’s database on CI disruptions, version 334 (5110 events; 6922 CI disruptions) (last visited May 08, 2011)

    Google Scholar 

  18. Ciancamerla, E., Minichino, M.: A Mini Telco Blackout Scenario, in Tools and Techniques for Interdependency Analysis (IRRIIS Deliverable D2.2.2), IRRIIS Consortium, Fraunhofer Institute for Intelligent Analysis and Information Systems, Sankt-Augustin, Germany (2007), http://www.irriis.org/File.aspx?lang=2&oiid=9138&pid=572 (last visited May 08, 2008)

  19. Baltimore Howard Street Tunnel fire (July 2001), http://en.wikipedia.org/wiki/Howard_Street_Tunnel_fire (last visited May 08, 2011)

  20. International Cable Protection Committee, www.icpc.org (last visited May 08, 2011)

  21. Examples of cable cuts, news.smh.com.au/thousands-hit-after-telstra-cable-cut/20080503-2am1.html , www.icelandreview.com/icelandreview/daily_news/?cat_id=40764&ew_0_a_id=359600 , www.ksta.de/html/artikel/1137402866724.shtml (last visited May 08, 2011)

  22. Example of shooting fibre optic cables, http://www.accessnorthga.com/detail.php?n=209108&c=10 (last visited May 08, 2011)

  23. Availability and Robustness of Electronic Communication Infrastructures - The ARECI Study, Alcatel-Lucent (2007), http://ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/areci_study/index_en.htm (last visited May 08, 2011)

  24. Counterfeit products, http://www.andovercg.com/services/cisco-counterfeit-wic-1dsu-t1.shtml (last visited May 08, 2011)

  25. Stuxnet dossier v 1.4, Symantec, www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf (last visited May 08, 2011)

  26. http://www.networkworld.com/news/0414frame2.html (last visited May 08, 2011)

  27. The Cost of Cyber Crime, Detica and U.K. Office of Cyber Security and Information Assurance (2011), http://www.cabinetoffice.gov.uk/resource-library/cost-of-cyber-crime (last visited May 08, 2011)

  28. Jihadists and the Internet, National Coordinator for Counterterrorism, The Hague (2010), http://english.nctb.nl/Images/JihadismeUpdate2009-UK%20def_tcm92-279323.pdf?cp=92&cs=25496 (last visited May 08, 2011)

  29. Williams, C., Gardham, D.: Great likelihood of Cyber attacks by terrorists, The Telegraph (February 1, 2011), http://www.telegraph.co.uk/technology/8294023/Great-likelihood-of-cyber-attacks-by-terrorists.html (last visited May 08, 2011)

  30. Colarik, A.M.: Cyber Terrorism: Political And Economic Implications. Idea Group Publishing, Hershey (2006)

    Book  Google Scholar 

  31. The Terry Childs Case (2009), http://www.techrepublic.com/blog/career/terry-childs-will-the-true-story-ever-be-told/555 (last visited May 08, 2011)

  32. Luiijf, H.A.M. (ed.): Process Control Security in the Cybercrime Information Exchange, NICC (2010), http://www.cpni.nl/publications/PCS_brochure-UK.pdf , (last visited May 08, 2011)

  33. Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Shacham, S.: Savage, Experimental Security Analysis of a Modern Automobile. In: 2010 IEEE Symposium on Security and Privacy, pp. 447–462 (2010), http://www.autosec.org/pubs/cars-oakland2010.pdf (last visited May 08, 2011)

Download references

Author information

Authors and Affiliations

  1. Netherlands Organisation for Applied Scientific Research TNO, P.O. Box 96864, 2509 JG, The Hague, The Netherlands

    Eric Luiijf

Authors
  1. Eric Luiijf
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Malaga, 29071, Málaga, Spain

    Javier Lopez

  2. Complex Systems & Security Lab, University CAMPUS Bio-Medico, Via Alavro del Portilla, 21, 00128, Roma, Italy

    Roberto Setola

  3. Information Security Group, Department of Mathematics, University of London, Royal Holloway, Egham Hill, TW20 0EX, Egham, Surrey, UK

    Stephen D. Wolthusen

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Luiijf, E. (2012). Understanding Cyber Threats and Vulnerabilities. In: Lopez, J., Setola, R., Wolthusen, S.D. (eds) Critical Infrastructure Protection. Lecture Notes in Computer Science, vol 7130. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28920-0_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-28920-0_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28919-4

  • Online ISBN: 978-3-642-28920-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation