Critical infrastructure cybersecurity

To understand the importance of, and need for, critical infrastructure cybersecurity, I will first define the concept as the National Center for Infrastructure Protection and Cybersecurity (CNPIC) does: “They are the strategic infrastructures, which provide essential services and whose operation is indispensable and does not allow alternative solutions, so that their disruption or destruction would have a serious impact on essential services”. These infrastructures are made up of sectors or services considered essential since, as the word itself confirms, they are vital for the correct and continuous development of society as we know it today. They are the following:

  • Financial Sector
  • Administration
  • Water
  • Food
  • Energy
  • Space
  • Chemical Industry
  • Nuclear Industry
  • Research facilities
  • Health
  • Information and Communication Technologies (ICT)
  • Transportation

Although any type of incident in these sectors would have tragic and unexpected effects, the impact on information security, the area cybersecurity focuses on, rests on three indispensable aspects: availability, integrity and confidentiality. Applying these conditions to the subject at hand, we obtain the following threats: non-availability of services, alteration or manipulation of information, and information disclosure and access to privileged information. As stated in the Cyber Threats and Trends Report 2019 published by the National Cryptologic Center, the main attacks suffered by critical infrastructures during 2018 were the interruption of services, sabotage, espionage, manipulation of systems, and manipulation and theft of information. These incidents can be perpetrated by different actors with different motivations, whether economic, geopolitical, business or ideological, among others. Trends show that most often they are carried out by States or State-sponsored groups, although it is not unusual for them to come from cybercriminals, cyberterrorists, hacktivists or internal staff through what are known as hybrid attacks, which combine different types of aggression. Such is the risk that the Critical Infrastructure Alert Level (NAIC) is currently at 4 out of 5, considered a high risk.

Given the threats and possible risks to critical infrastructures, a series of measures must be taken to prevent them from materializing. But the need does not lie only in these facts; it is also necessary to take action on certain assets, such as: system upgrades, renewal of obsolete hardware, personnel awareness, increased security of connected devices, or the application of security methodologies such as Threat Intelligence for potential vulnerabilities, attack targets, threats or the actors involved in them. Certain measures are already being carried out to evaluate and audit the facilities and the service providers themselves, even requiring certain safety certifications or legal responsibilities, with the sole purpose of guaranteeing the security of both the essential service and the provider itself.

An example of the need to implement measures, as a real case will show, is found in industrial infrastructures, which continue to maintain a high number of industrial control systems with outdated operating systems and security flaws in their design. Another is the increase in the number of connected devices known as the Industrial Internet of Things (IIoT), devices that enhance productivity and processes but lack the necessary safety measures.

Case Studies

All of the above is based on the conclusions drawn from numerous attacks around the world, of which there have been quite a few in recent years. In 2010, one of the most famous attacks became public: the attack on the Natanz nuclear power plant in Iran. Various research sources believe that the malware, known as “Stuxnet”, gained access to the nuclear power plant’s computer systems by means of a removable memory device such as a USB flash drive. Once inside the computer system, the worm took control of the software that manages the centrifuges and modified their rotation speed, both increasing and decreasing it. The consequence, and objective, was the destruction of the centrifuges, leaving nearly 1,000 machines inoperative inside the plant.

Another of the most critical known attacks is the one that affected at least 16 UK hospitals in 2017. It was the result of a global ransomware attack, specifically “WannaCry”, in which the cybercriminals hijacked the medical centers’ devices and demanded a fee in return for their decryption. This type of attack, in addition to the target in question, has serious consequences, since the lives of people are in the hands of criminals, as is access to large amounts of confidential information.

An example of how vulnerable industrial control systems are can be found in Ukraine, where in 2016 certain regions suffered a power outage lasting several hours due to a deliberate computer attack on several power plants. Specifically, the malware used was the Trojan “BlackEnergy”, previously seen in other attacks on critical infrastructure in the same country. Lastly, in 2007 Estonia, one of the pioneers in carrying out the digital transformation of the public and private sectors by centralizing its services on the Internet, suffered one of the first recorded cyber-attacks. The attack was based on distributed denial of service (DDoS) and marked a turning point in the digital sphere: a new source of threat was discovered, and a new type of attack capable of stopping a multitude of services considered essential.

Competent Bodies in Spain

Spain has the National Center for Infrastructure Protection and Cybersecurity (CNPIC), the body responsible for the promotion, coordination and supervision of all policies and activities related to the protection of Spanish critical infrastructures and to cybersecurity. It collaborates with the National Institute of Cybersecurity (INCIBE) in the response to information security incidents in critical infrastructures by means of a Security Incident Response Team, known as CERT for Security and Industry (CERTSI), for private sector companies. Coordination between the two institutions is carried out through the Cyber Coordination Office (CCO). On the other hand, incident management within the public sector is carried out jointly by the CNPIC and the National Cryptologic Center (CCN) through its own CERT, CCN-CERT.

In short, the need to protect critical sectors and infrastructures is evident since, as has been observed in some of the real examples shown, it can make the difference between a mere security incident and seeing society plunged into chaos with incalculable consequences. Hence the importance of raising awareness and providing adequate training, not only to employees but also to society as a whole, about the different digital threats and risks, as the stakes are high and it can make a vital difference.

Carlos Javier García García
