Estimating the vulnerability of industrial network infrastructure in Central and Eastern Europe

Twardawa, Mateusz Grzegorz; Smolik, Marek; Rakowski, Franciszek; Kwiatkowski, Jakub; Meyer, Norbert

doi:10.35467/sdq/190350

Powiadomienia systemowe

Sesja wygasła!
Sesja wygasła!
Sesja wygasła!
Sesja wygasła!

Artykuł - szczegóły

Tytuł artykułu

Estimating the vulnerability of industrial network infrastructure in Central and Eastern Europe

Autorzy

Twardawa Mateusz Grzegorz , Smolik Marek , Rakowski Franciszek , Kwiatkowski Jakub , Meyer Norbert

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

DOI

10.35467/sdq/190350

Warianty tytułu

Języki publikacji

Abstrakty

Industrial infrastructure has suffered an unprecedented number of attacks in Central and Eastern Europe (CEE). This situation can be attributed to many geopolitical factors, including hybrid military conflicts and criminal activity. Industrial networks belonging to

Słowa kluczowe

critical infrastructure network security cyberattack industrial control systems national vulnerability

Wydawca

Akademia Sztuki Wojennej

Czasopismo

Security and Defence Quarterly

Rocznik

2024

Tom

Vol. 47, No. 3

Strony

53--73

Opis fizyczny

Bibliogr. 42 poz., rys., tab.

Twórcy

autor

Twardawa Mateusz Grzegorz

mtwardawa@man.poznan.pl

ICT Security Department, Poznan Supercomputing and Networking Center (PSNC), affiliated to the Institute of Bioorganic Chemistry of the Polish Academy of Sciences, Jana Pawła II 10, 61-139, Poznań, Poland
Institute of Computing Science, Poznań University of Technology, Piotrowo 2, 60-965, Poznań, Poland

https://orcid.org/0000-0003-0661-0128

autor

Smolik Marek

Chief Technology Officer, ICsec S.A., Wichrowa 1A, 60-449, Poznań, Poland

autor

Rakowski Franciszek

Research and Development, Department, ICsec S.A., Wichrowa 1A, 60-449, Poznań, Poland

https://orcid.org/0000-0001-6133-8900

autor

Kwiatkowski Jakub

ICT Security Department, Poznan Supercomputing and Networking Center (PSNC), affiliated to the Institute of Bioorganic Chemistry of the Polish Academy of Sciences, Jana Pawła II 10, 61-139, Poznań, Poland
Institute of Computing Science, Poznań University of Technology, Piotrowo 2, 60-965, Poznań, Poland

https://orcid.org/0000-0001-7000-3862

autor

Meyer Norbert

Data Processing Technologies Division, Poznań Supercomputing and Networking Center (PSNC), affiliated to the Institute of Bioorganic Chemistry of the Polish Academy of Sciences, Zygmunta Noskowskiego 12/14, 61-704, Poznań, Poland

https://orcid.org/0000-0003-4020-5329

Bibliografia

1. Adamo, F., Attivissimo, F., Cavone, G. and Giaquinto, N. (2007) ‘SCADA/HMI systems in advanced educational courses’, IEEE Transactions on Instrumentation and Measurement, 56(1), pp. 4–10. doi: 10.1109/ TIM.2006.887216.
2. Alcaraz, C., Fernandez, G. and Carvajal, F. (2012) ‘Security aspects of SCADA and DCS environments’, in Lopez, J., Setola, R. and Wolthusen, S. (eds.) Critical infrastructure protection: Information infrastructure models, analysis, and defense. Berlin: Springer, pp. 120–149. doi: 10.1007/978-3-642-28920-0_7.
3. Alexopoulos, K., Koukas, S., Boli, N. and Mourtzis D. (2018) ‘Architecture and development of an industrial internet of things framework for realizing services in industrial product service systems’, Procedia CIRP, 72, pp. 880–885. doi: 10.1016/j.procir.2018.03.152.
4. Aserto Sp. z o.o. (n.d.) Optiba – sklep online. Available at: https://optiba.com/automatyka-przemyslowa-i-elektrotechnika (Accessed : 21 March 2023).
5. ASTOR (n.d.) ASTOR online shop. Available at: https://www.astor.com.pl/sklep/ (Accessed: 21 March 2023).
6. Bryes, E. (2013) ‘Rip and replace’ approach to SCADA security is unrealistic. Available at: https://www.tofinosecurity.com/blog/%E2%80%9Crip-and-replace%E2%80%9D-approach-scada-security-unrealistic (Accessed: 27 September 2023).
7. Cadena, A., Gualoto, F., Fuertes, W. Tello-Oquendo, L., Andrade, R., Tapia Leon, F. and Torres J. (2020) ‘Metrics and indicators of information security incident management: A systematic mapping study’, in Rocha A. and Pacheco Pereira R. (eds.) Smart innovation, systems and technologies. Singapore: Springer Nature, pp. 507– 519. doi: 10.1007/978-981-13-9155-2_40.
8. Chataway, J. (1999) ‘Technology transfer and the restructuring of science and technology in central and eastern Europe’, Technovation, 19(6–7), pp. 355–364. doi: 10.1016/S0166-4972(99)00029-2.
9. Chaudhary, S., Gkioulos, V. and Katsikas, S. (2022) ‘Developing metrics to assess the effectiveness of cybersecurity awareness program’, Journal of Cybersecurity, 8(1), tyac006. doi: 10.1093/cybsec/tyac006.
10. Cybersecurity and Infrastructure Security Agency (CISA) (2024) Defending OT operations against ongoing pro-Russia hacktivist activity. Available at: https://www.cisa.gov/resources-tools/resources/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity (Accessed: 13 June 2024).
11. Dragos Inc. (2024) OT cybersecurity – the 2023 year in review. Available at: https://www.dragos.com/ ot-cybersecurity-year-in-review/ (Accessed : 14 June 2024).
12. European Cybersecurity Organisation (2018) Industry 4.0 and ICS sector report: Cyber security for the industry 4.0 and ICS sector, WG3 I sectoral demand. Available at: https://ecs-org.eu/ecso-uploads/2022/10/5fdb2628a0318. pdf (Accessed: 21 March 2023).
13. European Union Agency for Cybersecurity (ENISA) (2022) ENISA threat landscape 2022. Available at: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2022 (Accessed: 28 September 2023).
14. European Union Agency for Cybersecurity (ENISA) (2024) EU cybersecurity index – Framework and methodological note. Available at: https://www.enisa.europa.eu/topics/cybersecurity-policy/nis-directive-new/eu-cybersecurity-index/eu_csi_methodological_note_v1-0.pdf (Accessed: 13 June 2024).
15. Filippov, S. (2010) ‘Central and Eastern Europe: Innovation-led transition’, Problemy Eksploatacji, 3, pp. 139–148.
16. Gazzan, M. and Sheldon, F.T. (2023) ‘Opportunities for early detection and prediction of ransomware attacks against industrial control systems’, Future Internet, 15, p. 144. doi: 10.3390/fi15040144.
17. Google Ads (n.d.) Keyword planner. Available at: https://ads.google.com/home/tools/keyword-planner/ (Accessed: 21 March 2023).
18. International Telecommunication Union (2020) Global cybersecurity index—Measuring commitment to cybersecurity. Available at: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2021-PDF-E.pdf (Accessed: 13 June 2024).
19. Kaspersky ICS CERT (2024) Threat landscape for industrial automation systems. Q1 2024. Available at: https://ics-cert.kaspersky.com/publications/reports/2024/05/27/threat-landscape-for-industrial-automationsystems-q1-2024/ (Accessed: 14 June 2024).
20. Kayan, H., Nunes, M., Rana, O., Burnap, P. and Perera C. (2022) ‘Cybersecurity of industrial cyber-physical systems: A review’, ACM Computing Surveys (CSUR), 54(11s), Article No. 229, pp. 1–35. doi: 10.1145/351041.
21. Kelly, T., Liaplina, A., Tan, S.W. and Winkler, H.J. (2017) Reaping digital dividends: Leveraging the internet for development in Europe and Central Asia. Washington, DC: World Bank. doi: 10.1596/978-1-4648-1025-1.
22. Krisper, M., Dobaj, J. and Macher, G. (2020) ‘Assessing risk estimations for cyber-security using expert judgment’, in Yilmaz M., Niemann J., Clarke P. and Messnarz R. (eds.) European conference on software process improvement. New York, NY: Springer, pp. 120–134. doi: 10.1007/978-3-030-56441-4_9.
23. Ladder Logic World (n.d.) PLC manufacturers: The latest PLC brands, rankings & revenues. Available at: https:// ladderlogicworld.com/plc-manufacturers/ (Accessed: 21 March 2023).
24. Lee, R.M., Assante, M.J. and Conway, T. (2016) Analysis of the cyber attack on the Ukrainian power grid: Defense use case, SANS Industrial Control Systems. Available at: https://media.kasperskycontenthub.com/wp-content/ uploads/sites/43/2016/05/20081514/E-ISAC_SANS_Ukraine_DUC_5.pdf (Accessed: 2 December 2022).
25. Li, Y. and Liu, Q. (2021) ‘A comprehensive review study of cyber-attacks and cyber security, emerging trends and recent developments’, Energy Reports, 7, pp. 8176–8186. doi: 10.1016/j.egyr.2021.08.126.
26. Marco, G.D., Loia, V., Karimipour, H. and Siano, P. (2021) ‘Assessing insider attacks and privacy leakage in managed IoT systems for residential prosumers’, Energies, 14(9), 2385. doi: 10.3390/en14092385.
27. Meland, P.H., Tokas, S., Erdogan, G., Bernsmed, K. and Omerovic, A.A (2021) ‘Systematic mapping study on cyber security indicator data’, Electronics, 10(9), 1092. doi: 10.3390/electronics10091092.
28. Microsoft (2022) New ‘Prestige’ ransomware impacts organizations in Ukraine and Poland. Microsoft Threat Intelligence. Available at: https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/ (Accessed: 28 September 2023).
29. National Cyber Security Index (NCSI) (n.d.) National Cyber Security Index. Available at: https://ncsi.ega.ee/ ncsi-index/ (Accessed: 28 September 2023).
30. National Institute of Standards and Technology (NIST) (n.d.) National vulnerability database. Available at: https://nvd.nist.gov/vuln (Accessed: 21 March 2023).
31. Naudé, W., Surdej, A. and Cameron, M. (2019) The past and future of manufacturing in Central and Eastern Europe: Ready for Industry 4.0? Report IZA DP No. 12141. Bonn: Institute of Labor Economics (IZA).
32. Shodan (n.d.) Search Engine for the Internet of Everything. Available at: https://www.shodan.io/ (Accessed: 13 June 2024).
33. Sim, M.A. (2008) ‘Teaching English in several Central and Eastern European countries’, Annals of Faculty of Economics, 1(1). pp. 644–648.
34. Skelly, A.C., Dettori, J.R. and Brodt, E.D. (2012) ‘Assessing bias: The importance of considering confounding’, Evidence-Based Spine-Care Journal, 3(1), pp. 9–12. doi: 10.1055/s-0031-1298595.
35. StatCounter (n.d.) Search engine market share in Europe. Available at: https://gs.statcounter.com/search-enginemarket-share/all/europe (Accessed: 29 September 2023).
36. Stellios, I., Kotzanikolaou, P. and Psarakis, M. (2019) ‘Advanced persistent threats and zero-day exploits in industrial Internet of things’, in Alcaraz, C. (ed.) Security and privacy trends in the industrial internet of things. Advanced sciences and technologies for security applications. Cham: Springer. pp. 47–68. doi: 10.1007/978-3-030-12330-7_3.
37. Sterowniki-PLC.net (n.d.) Sterowniki-plc.net – sklepinternetowy. Available at: https://sterowniki-plc.net/ (Accessed: 21 March 2023).
38. Stout, T.M. and Williams, T.J. (1995) ‘Pioneering work in the field of computer process control’, IEEE Annals of the History of Computing, 17(1), pp. 6–18. doi: 10.1109/85.366507.
39. Twardawa, M.G., Smolik, M., Rakowski, F., Kwiatkowski, J. and Meyer. N. (2024) ‘SCADvanceXP – an intelligent Polish system for threat detection and monitoring of industrial networks’, Security and Defence Quarterly, 48(4) Online first. doi: 10.35467/sdq/177655.
40. United States District Court, Southern District of New York (2016) United States of America v. Ahmad Fathi, Hamid Firoozi, Amin, Shokohi, Sadegh Ahmadzadegan a/k/a ‘Nitr0jen26’, Omid Ghaffarinia a/k/a ‘PLuS’, Sina Keissar, and Nader Saedi, a/k/a ‘Turk Server’. Indictment, 24 March, pp. 14–16. Available at: https://www.justice. gov/media/824691/dl?inline (Accessed: 27 September 2023).
41. Walker, S. (2019) ‘“This is the golden age”: Eastern Europe’s extraordinary 30-year revival’, The Guardian, 26 October. Available at: https://www.theguardian.com/world/2019/oct/26/this-is-the-golden-age-eastern-europes-extraordinary-30-year-revival (Accessed: 26 September 2023).
42. Yerina, A., Honchar, I. and Zaiets, S. (2021) ‘Statistical indicators of cybersecurity development in the context of digital transformation of economy and society’, Science and Innovation, 17(3), pp. 3–13. doi: 10.15407/ scine17.03.003.

Uwagi

Opracowanie rekordu ze środków MNiSW, umowa nr POPUL/SP/0154/2024/02 w ramach programu "Społeczna odpowiedzialność nauki II" - moduł: Popularyzacja nauki i promocja sportu (2025).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-e32a9059-45cb-4a13-bb7d-0302badf2906