Critical Infrastructure Threat Landscape: Understanding and Reacting



Francesca Bosco – UNICRI, Presented at the 2016 Spring SERENE-RISC Workshop.

Advances in the field of global technology have transformed the way in which societies function, affecting governments, businesses, and individuals alike, evoking a wide array of societal benefits, while also subjecting populations to varying degrees of cyber risk. Critical infrastructure serves as a key example of an area that both traverses multiple societal levels, and one which is heavily impacted by technological developments. The disruption or complete shutdown of services provided by critical infrastructure, be they associated with water distribution, electrical grid, nuclear power, or other areas, can have catastrophic effects at local, national, and even international level. Today, cyber threats are increasing in number, type, and sophistication. Various reports highlight this vital point, bringing to the forefront the multiple cyber risks that can be incurred by users of technologically-based systems. In light of the numerous techniques and threat vectors available to hackers intent on carrying out an attack, entities in charge of critical infrastructure facilities, and their associated supply chains, should have adequate security protocol in place to defend against cyberattacks and infiltration, mitigate damage in the event of a cyber incident, and be able to show resilience in the aftermath of an actual attack. With this in mind, UNICRI has been instrumental in the field of critical infrastructure protection, with a recent focus on supply chain security and on nuclear facilities. Additionally, within the framework of UNICRI’s CBRN Programme, the institute has been highly active in developing a comprehensive Information Security Management System for CBRN facilities.