Received: 2020-03-15  |  Accepted: 2020-07-15  |  Published: 2020-09-30

Title

Cyber-attacks to critical energy infrastructure and management issues: overview of selected cases


Abstract

The purpose of the paper is to analyze the vulnerabilities of Critical Energy Infrastructures’ systems in the event of cyber-attack. The global tendency of cyber-attacks puts Critical Energy Infrastructures on one of the first places for targets. Critical Infrastructure Protection (CIP) has become an increasingly relevant topic in the global industrial environment, as the consequences of cyber-attacks toward ICS can result in physical disruption and loss of human lives. The analysis presented in the paper will take into consideration three different case scenarios of cyber-attacks to Critical Energy Infrastructures, and will evaluate the outcomes and the tactics used by the organizations’ response and recovery.


Keywords

critical infrastructure, management, cyber-attack, energy security, cybersecurity


JEL classifications

M15 , Q48


URI

http://jssidoi.org/ird/article/47


DOI


Pages

703-715


Funding

This research was partly supported by the project, which has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 830892

This is an open access issue and all published articles are licensed under a
Creative Commons Attribution 4.0 International License

Authors

Plėta, Tomas
Vilnius Gediminas Technical University, Vilnius, Lithuania https://www.vgtu.lt
Articles by this author in: CrossRef |  Google Scholar

Tvaronavičienė, Manuela
Vilnius Gediminas Technical University, Vilnius, Lithuania https://www.vgtu.lt
General Jonas Žemaitis Military Academy of Lithuania, Vilnius, Lithuania http://www.lka.lt
Articles by this author in: CrossRef |  Google Scholar

Casa, Silvia Della
Daugavpils University, Daugavpils, Latvia https://du.lv
NATO Energy Security Centre of Excellence, Vilnius, Lithuania https://enseccoe.org
Articles by this author in: CrossRef |  Google Scholar

Agafonov, Konstantin
Mykolas Romeris University, Vilnius, Lithuania https://www.mruni.eu
Articles by this author in: CrossRef |  Google Scholar

Journal title

Insights into Regional Development

Volume

2


Number

3


Issue date

September 2020


Issue DOI


ISSN

ISSN 2345-0282 (online)


Publisher

VšĮ Entrepreneurship and Sustainability Center, Vilnius, Lithuania

Cited

Google Scholar

Article views & downloads

HTML views: 482  |  PDF downloads: 194

References


Accenture Security. (2018). Gaining ground on the cyber attacker: 2018 State of Cyber Resilience. USA: Accenture Security. Retrieved from https://www.accenture.com/us-en/insights/security/2018-state-of-cyber-resilience-index

Search via ReFindit


Accenture Security. (2019). The Cost of Cybercrime. Traverse City, Michigan: Ponemon Institute. Retrieved from https://www.accenture.com/_acnmedia/pdf-96/accenture-2019-cost-of-cybercrime-study-final.pdf

Search via ReFindit


Ahola, M. (2019, October 18). The Role of Human Error in Successful Cyber Security Breaches. Retrieved from usecure: https://blog.getusecure.com/post/the-role-of-human-error-in-successful-cyber-security-breaches

Search via ReFindit


Alshathry. (2017, February). Cyber Attack on Saudi Aramco. International Journal of Management of Information Technology, 11(5), p. 3037. doi: https://doi.org/10.24297/ijmit.v11i5.5613

Search via ReFindit


Amin, M. (2002). Security challenges for the electricity infrastructure. Computer, 35(SUPPL.), 8-10. doi: https://doi.org/10.1109/MC.2002.989920

Search via ReFindit


Amin, S. M. (2010, Spring). Securing the Electricity Grid. The Bridge: Linking Engineering and Society, 40(1), 13-19. Retrieved from http://massoud-amin.umn.edu/publications/Securing-the-Electricity-Grid.pdf

Search via ReFindit


Ayral T., O. J. (2016, July). Minimize industrial cyber security risk in plants in 12 steps. Retrieved from Hydrocarbon Processing: https://www.hydrocarbonprocessing.com/magazine/2016/july-2016/process-control-and-instrumentation/minimize-industrial-cyber-security-risk-in-plants-in-12-steps

Search via ReFindit


Beazner M., R. P. (2017). CSS Cyber Defence Hotspot Analysis: Stuxnet. Zurich: Center for Security Studies (CSS), ETH Zurich. Retrieved from https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/Cyber-Reports-2017-04.pdf

Search via ReFindit


Bhayani M., P. M. (2016). Internet of Things (IoT): In a Way of Smart World. In B. Y. Satapathy S., Proceedings of the International Congress on Information and Communication Technology. Advances in Intelligent Systems and Computing (Vol. 438). Singapore: Springer.

Search via ReFindit


Blume, S. W. (2007). Electric Power System Basics. (I. o. Engineers, A cura di) Wyley and Sons, INC.

Search via ReFindit


Bronk C., T.-R. E. (2013). Hack or Attack? Shamoon and the evolution of Cyber Conflict. SSRN. doi: http://dx.doi.org/10.2139/ssrn.2270860

Search via ReFindit


CESG. (2016). Common Cyber Attacks: Reducing The Impact. London: CESG. Retrieved from https://www.ncsc.gov.uk/static-assets/documents/common_cyber_attacks_ncsc.pdf

Search via ReFindit


Chesla, A. (2012, October 25). Cyber War Rooms: Why IT Needs New Expertise To Combat Today's Cyberattacks. Retrieved from Security Week: https://www.securityweek.com/cyber-war-rooms-why-it-needs-new-expertise-combat-todays-cyberattacks

Search via ReFindit


Darville C., D. B. (2015). Cyber Security Incident Management Guide. (C. f. Belgium, A cura di) Belgium: Cyber Security Coalition. Retrieved from https://b-ok.cc/book/3704644/d3244d

Search via ReFindit


Das R., Z. G. (2019). Analysis of Cyber-Attacks in IoT-based Critical infrastructures. International Journal of information Security, 8(4), 122-133. Retrieved from http://www.ijiss.org/ijiss/index.php/ijiss/article/view/490/pdf_80

Search via ReFindit


De Falco, M. (2012). Stuxnet Facts Report: A Technical and Strategic Analysis. Tallinn: NATO Cooperative Cyber Defence Centre of Excellence. Retrieved from https://ccdcoe.org/uploads/2018/10/Falco2012_StuxnetFactsReport.pdf

Search via ReFindit


Dragos. (2017). CRASHOVERRIDE: Analysis of the Threat to Electric Grid Operations. Hanover: Gragos.Inc. Retrieved from https://www.key4biz.it/wp-content/uploads/2017/06/CrashOverride-01.pdf

Search via ReFindit


E-ISAC. (2016). Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case. Washington: SANS ICS. Retrieved from http://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf

Search via ReFindit


Egozcue E., R. D. (2012). Annex II. Security aspects of the smart grid. In D. H. E. Egozcue, Smart Grid Security: Recommendations for Europe and Member States. European Network and Information Security Agency (ENISA). Retrieved from https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-services/smart-grids/smart-grids-and-smart-metering/ENISA_Annex%20II%20-%20Security%20Aspects%20of%20Smart%20Grid.pdf

Search via ReFindit


Falliere N., M. L. (2011). W32.Stuxnet Dossier. Cupertino, CA: Symantec Security Response. Retrieved from https://css.csail.mit.edu/6.858/2014/readings/stuxnet.pdf

Search via ReFindit


FireEye. (2016). Cyber Attacks on the Ukrainian Grid: What you should know. Milpitas, CA: FireEye. Retrieved from https://www.fireeye.com/content/dam/fireeye-www/global/en/solutions/pdfs/fe-cyber-attacks-ukrainian-grid.pdf

Search via ReFindit


ICS Engineering Inc. (2017). Types of Redundancy. Retrieved from ICS Engineering Inc.: http://www.icsenggroup.com/types-of-redundancy.shtml

Search via ReFindit


Inductive Automation. (2020, February 28). IIoT: Combining the Best of OT and IT. Industrial Ethernet Book , 9514. USA: IEB Media GdR. Retrieved from https://iebmedia.com/index.php?id=11673&parentid=63&themeid=255&hft=95&showdetail=true&bb=1

Search via ReFindit


Israel, M. (2019, April). No More Dangling from Rooftops: Integrating Cybersecurity. Advancing Automation Cybersecurity into the Connected Plant Transformation, XV, p. 5-9.

Search via ReFindit


Kerr P., R. J. (2010). The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability. Washington: Congressional Research Service. Retrieved from https://fas.org/sgp/crs/natsec/R41524.pdf

Search via ReFindit


Kshetri N., V. J. (2017). Hacking Power Grids: A Current Problem. IEEE Security & Privacy, 91-95. doi:10.1109/MC.2017.4451203

Search via ReFindit


Limba, T., Plėta, T., Agafonov, K., & Damkus, M. (2017). Cyber security management model for critical infrastructure. Entrepreneurship and Sustainability Issues, 4(4), 559-573. http://dx.doi.org/10.9770/jesi.2017.4.4(12)

Search via ReFindit


Mackenzie, H. (2012, October 25). Shamoon Malware and SCADA Security – What are the Impacts? Retrieved from Tofino Security: https://www.tofinosecurity.com/blog/shamoon-malware-and-scada-security-–-what-are-impacts

Search via ReFindit


Mahmud R., V. R. (2015). A survey on smart grid metering infrastructures: Threats and solutions. 2015 IEEE International Conference on Electro/Information Technology (EIT) (p. 386–391). IEEE.

Search via ReFindit


McLaughlin S., P. D. (2010). Energy Theft in the Advanced Metering Infrastructure. International Conference on Critical Information Infrastructures Security (p. 176-187). Berlin: Springer-Verlag Berlin Heidelberg. doi:10.1007/978-3-642-14379-3_15

Search via ReFindit


NATO. (2020, March 17). Cyber Defence. Retrieved from NATO: https://www.nato.int/cps/en/natohq/topics_78170.htm

Search via ReFindit


OpUtils. (2020, February 21). Rogue Device Detection Software. Retrieved from ManageEngine: https://www.manageengine.com/products/oputils/rogue-detection-tool.html?lhs

Search via ReFindit


Oracle. (2012). Mitigating Cyber-Security Risk of Smart-Grid AMI. Oracle. Retrieved from www.oracle.com/us/technologies/bpm/mitigate-cyber-security-risk-1533517.pdf

Search via ReFindit


Park D., S. J. (2017, October 11). Cyberattack on Critical Infrastructure: Russia and the Ukrainian Power Grid Attacks. Retrieved from The Henry M. Jackson School of International Studies: https://jsis.washington.edu/news/cyberattack-critical-infrastructure-russia-ukrainian-power-grid-attacks/#/

Search via ReFindit


Ryder R., M. A. (2019). Cyber Crisis Management. New Delhi: Bloomsbury India.

Search via ReFindit


Wuuest, C. (2014, January 13). Targeted Attacks Against the Energy Sector. Security Response. Retrieved from https://bluekarmasecurity.net/wp-content/uploads/2014/09/Symantec_Targeted-Attacks-Against-the-Energy-Sector_whitepaper.pdf

Search via ReFindit


Z. Drias, A. S. (2015). Analysis of Cyber Security for Industrial Control Systems. 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC 2015) (p. 83-91). Shanghai, China: IEEE.

Search via ReFindit