Critical Infrastructure

Massive increase in cyber attacks in 2022

Universities, research centers, state and military services, hospitals, communication infrastructure and banks have received numerous cyberattacks in 2022; and the worst is yet to come.

It is estimated that more than 1.000 cyberattacks per organisation take place throughout the universe, which is 38% more than 2021. In Europe in particular, the average number of attacks per target reached 1.000, with an increase of 26% when compared to 2021. In a worse position one can find the Americans, as they faced an increase of 52%!

Continue reading

CriM -- Cyber Security Seminar and Workshops -- 2022

During November 2022 we held the Cyber Security Seminar and Workshops in Oulu, Finland. This four days event has been held since 1999 and brings together teachers, researchers, experts, and students of cybersecurity: https://www.oulu.fi/en/crim.

CriM had twelve talks before lunch and three exercises in the afternoon, covering topics from incidence response to password handling. We were especially glad to hear a talk from Bart Preneel, Europe’s most pronounced cryptography expert, who reminded us at the end of his presentation to a quote from Immanuel Kant “Optimism is a moral duty”.

Continue reading

Cybersecurity For Public Utilities Solutions III

Failing to understand the gravity of the potential effects of a power grid attack leaves municipal utility companies unprepared to enact the necessary cybersecurity counter-measures necessary to prevent or, at least, mitigate attacks. As Miller [1], points out, local governments could benefit from the information that would lead to the early prevention of cyberattacks. Unfortunately, the information is often hidden or never revealed. Although municipalities are obliged to report attacks in a timely fashion, they often avoid reporting attacks to maintain credibility. Nor do they necessarily see sharing of information about attacks as useful.

Continue reading

Cybersecurity For Public Utilities Solutions II

Cyberattacks launched on municipal utility companies are similar to attacks in any other industry. However, the potential for OT attacks and the dangers of a major service disruption has raised the stakes. Miller outlines in this article [1] the most common cybersecurity attacks that have affected municipal utility companies. 

Denial of Service 

Attacks that stop users from accessing essential networks are typically referred to as denial of service (DoS) or distributed denial of service (DDoS) attacks. A DoS attack is initiated by a single attacking computer. A DDoS attack is launched by multiple attacking devices. While the attack is in progress, companies can’t access the means to provide services. These attacks have serious implications for any company, but the interruption of essential services like electricity or running water can quickly become disastrous.  Unfortunately, given the lack of training many utilities are particularly vulnerable to denial of service attacks. While these attacks are difficult to deal with, more work on raising an awareness of the issues and possible counter-measures would be invaluable.

Continue reading

Cybersecurity For Public Utilities Solutions I

In 2021 Jason Miller wrote an article on cybersecurity for municipal utilities stressing that cyber-attacks were increasing every year and greatly impacting a wide range of high-profile targets from governmental agencies to financial and insurance organizations, hospitals and other health facilities, and educational institutions. Of particular concern in many countries, he points out, is the situation on local levels where local governments with municipal utilities are often under-funded with poorly trained staff [1]. Unfortunately, the solutions he offers do not take into account the range of problems facing municipal utilities. Many are not aware, however, of how municipal utilities have become targets for “nation-state actors” and the possibly disastrous effects of an attack.

Continue reading