According to experts, the current crisis in the Middle East is not going to lead to a large-scale international war on land any time soon. But there is a chance that a new form of strategic attack could take place. A cyber attack. Modern Western society, especially in urban areas, has a vast number of critical infrastructures that provide electricity, water or gas. But it is as much about the supply of food or fuel as it is about communication structures and railways. If targets like these are hit by a so-called cyber attack, then that will have a major impact on our society.
During the first half of 2019, cyber criminals greatly increased their cyber attacks on these infrastructures and hardware in the “Internet of Things” (IoT) and on specific Windows networks. This is what F-Secure states in their most recent Attack Landscape H1 Report. After the United States of America, The Netherlands is one of the most crucial targeted countries when it comes to cyber attacks.
These infrastructures are based on what are known as cyber-physical systems. These are network facilities where software and hardware are linked together as mechanical and electronic elements via a data infrastructure such as the internet.
Attacks on cyber-physical systems
An example of an attack on a cyber-physical system is the attack on a Ukrainian power plant in 2017 which caused a power outage in Kiev for several hours. The attackers entered the operating system by using malware on computers from an energy supplier and took complete control of the power plant.
Attacks on soft targets
However, attacks on these so-called ‘soft targets’ can also affect infrastructure networks. Soft targets are attractive targets for terrorist attacks in public spaces. As was demonstrated by the attack on the Berlin Christmas market in 2016.
Repercussions of attacks on infrastructure
A team from the Institut für Angewandte Informatik (Institute of Applied Informatics) at the University of Klagenfurt in Austria is now working on a simulation that assesses these type of attacks. The main focus is on the dynamic relationships between infrastructures. For example, a power failure also has consequences for hot water supplies and cooling systems in supermarkets. As well as for life support equipment in hospitals and public transport services. These consequences and possible knock-on effects need to be taken into account in simulations.
Simulation of potential threats
The ODYSSEUS Project entails a cross-domain risk model for the city of Vienna. The model is built on the basis of established data. Artificial intelligence techniques will be used so as to ensure that the simulation is as realistic as possible. The model forms the basis for simulation of potential threats. Natural disasters will also be simulated in addition to incidents caused by people.
Anticipated consequences of threats
One of the key results that ODYSSEUS provides, is to demonstrate within a simulation environment what the consequences for the urban population could be if this type of cyber attack actually happened. Security measures can then be taken based on this in order to prevent a potential attack. Furthermore, it offers opportunities to map out scenarios in the event that these type of attacks do take place.
Also of interest:
Cyber Resilience Centre in Brainport Eindhoven