ENISA Threat Landscape 2014: Industrial and Infrastructure Cyberthreats

ENISA (European Union Agency for Network and Information Security) has published its report “ENISA Threat Landscape 2014”, which details the main emerging cyberthreats currently affecting organizations and analyzes the main attack vectors used.

Within this report, on page 60, specific mention is made of what ENISA calls Cyber Physical Systems (*) and their relationship with the protection of critical infrastructures. In other words, the report analyzes the importance of this type of system for efficiently carrying out the processes associated with industrial organizations or those linked to the energy sector, and how the attack and/or alteration of these is closely related to the protection of critical infrastructures.

In addition, the report identifies the emerging cyberthreats that directly affect CPS. The following figure shows the most important ones, and it can be seen how the appearance of specific malware or malware that uses vulnerabilities associated with CPS systems to achieve its objectives appears in the first place of emerging threats.

On the other hand, the report lists (not in a prioritized way) the key aspects that are subject to analysis and study associated with CPS. These include:

• The authentication and control of access to CPS.
• The systems that allow checkpointing and disaster recovery processes on the CPS, that is, that ensure their high availability.
• The protection of CPS systems that have already been deployed (legacy systems).
• The interest in protecting networks created with wireless sensors.

The section dedicated to CPS concludes by analyzing a recurring aspect. The technological heterogeneity of this type of environment (different information systems, field devices, OS, means of communication, etc.) together with its criticality and its idiosyncrasy (short latencies, determinism, real time, etc.) increases the risk of these environments and makes their management very complex from the point of view of cybersecurity.

(*) A new concept appears, Cyber Physical Systems, to refer to what we usually understand as the OT (Operation Network/Technology) environment. That is, the network/environment in which field devices (PLC, RTU, DCS) and real-time information systems (SCADA, HMI, MES) converge, among others.