Welcome to the InfoSci Platform
A White Hat Study of a Nation's Publicly Accessible Critical Digital Infrastructure and a Way Forward

A White Hat Study of a Nation's Publicly Accessible Critical Digital Infrastructure and a Way Forward

Timo Kiravuo, Seppo Tiilikainen, Mikko Särelä, Jukka Manner
Copyright: © 2016 |Volume: 6 |Issue: 1 |Pages: 12
ISSN: 1947-3435|EISSN: 1947-3443|EISBN13: 9781466692183|DOI: 10.4018/IJCWT.2016010104
Cite Article Cite Article

MLA

Kiravuo, Timo, et al. "A White Hat Study of a Nation's Publicly Accessible Critical Digital Infrastructure and a Way Forward." IJCWT vol.6, no.1 2016: pp.41-52. http://doi.org/10.4018/IJCWT.2016010104

APA

Kiravuo, T., Tiilikainen, S., Särelä, M., & Manner, J. (2016). A White Hat Study of a Nation's Publicly Accessible Critical Digital Infrastructure and a Way Forward. International Journal of Cyber Warfare and Terrorism (IJCWT), 6(1), 41-52. http://doi.org/10.4018/IJCWT.2016010104

Chicago

Kiravuo, Timo, et al. "A White Hat Study of a Nation's Publicly Accessible Critical Digital Infrastructure and a Way Forward," International Journal of Cyber Warfare and Terrorism (IJCWT) 6, no.1: 41-52. http://doi.org/10.4018/IJCWT.2016010104

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

The developed society depends on many critical infrastructure processes, such as power generation, water treatment, many types of manufacturing, and smart buildings. These processes need control and the automation industry has embraced the Internet to connect all these controls. However, the controlling devices thus opened to the world do not always have adequate safeguards to withstand malicious users. Many automation systems have default passwords or known and unknown backdoors. Also, often those systems are not updated to close security weaknesses found after original installation. The authors argue that while the industry is familiar with the notion of safety of equipment and processes, it has not focused enough on IT security. Several years ago the Shodan search engine showed how easy it is to find these control devices on the Internet. The authors followed this research line further by targeting one nation's IP address space with Shodan and found thousands of control systems, many of which represent models and versions with known vulnerabilities. Their first contribution is presenting these findings and analyzing their significance. Their study started in 2012 and the most recent results are from the end of 2015. To gain further knowledge, they have built a prototype scanner capable of finding industrial control systems. This lets the authors evaluate the possibility of performing routine scans to gauge the vulnerability of a nation. Their second contribution is to present a template for a national Internet scanning program. The authors discuss the technology, performance, and legality of such a program. Based on their findings and analysis they argue that nations should continuously monitor their own Internet address space for vulnerabilities. The authors' findings indicate that the current level of vulnerabilities is significant and unacceptable. Scanning a nation's critical infrastructure can be done in minutes, allowing them to keep a tight control of vulnerabilities. Yet, in addition, the authors need to extend current legislation and the rights of government officials to bring more security in national critical infrastructures; this discussion is their third contribution. The cyber-space has become a playing field for criminals, terrorists and nation states, all of which may have a motive to disrupt the daily life of a nation, and currently causing such disruptions is too easy.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.