Page 116 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection

SECTION II:  CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION

        (of a storage device); information leakage; identity theft; cryptojacking (or cryptomining –
        use of device processing power to mine cryptocurrencies); ransomware (ransom of blocked
        files and devices); and cyber espionage (ENISA, 2019: p 9). All of the above cyber threats
        could be used against critical infrastructure, and if their character and consequences had
        political goals, they could be identified as cyberterrorism.

        Malware is the most common cyber threat (ENISA, 2019: p 26), and there have been several
        well-known malware attacks against critical infrastructure across the world. Uncovered
        in 2010, a computer worm named Stuxnet caused substantial damage to Iran’s nuclear
        programme, as it targeted supervisory control and data acquisition (SCADA) systems. It is
        widely believed to have been unleashed by Israel and the United States (Nakashima &
        Warrick, 2012). Industroyer was malware used in a cyber-attack on a power grid in Ukraine on
        December 17, 2016, which cut off power to a fifth of Kyiv. This attack was the second attack
        on Ukraine’s power grid; the first was in 2015 (Polityuk et al., 2017). In 2017, the malware
        Triton was discovered in Saudi Arabia, attacking a petrochemical plant by disabling
        instrumented safety systems (ENISA, 2019: pp 28-29). Web-based or web application attacks can
        also be used against critical infrastructure through an unsuspecting insider or client,
        by means of spamming campaigns or trojans. In 2007, after a controversy about moving a
        communist-era monument, the Bronze Soldier, from the centre of Tallinn to a military cemetery,
        Estonia was hit by cyber-attacks orchestrated by Russians. Attacks in the form of a spam
        campaign spreading false news sparked riots by a Russian minority, and at the same time
        extreme levels of internet traffic took down the online services of government bodies, banks
        and media (McGuinness, 2017).

        A web-based attack unveiled in 2018 “abused the deep packet inspection hardware, used by
        Turks telecom, redirecting customers in Turkey and Syria to download spyware” (ENISA,
        2019: p 33). Although phishing does not sound as sinister as the previous threats, it is so
        prevalent that “90% of malware infections and 72% of data breaches in organizations originate
        from phishing attacks” (ENISA, 2019: p 40). With spearphishing these attacks are specifically
        targeted, like sextortion scams towards rich or influential individuals, or individuals with
        access to sensitive business data. Nation-state actors use spearphishing as a primary infection
        vector for espionage and disruption operations (ENISA, 2019: p 42). However, to utilize
        spearphishing, the hackers first need to get their hands on individual records, i.e. perform
        data breaches. The best-known incident, Cambridge Analytica-Facebook, is one of six social
        media data breaches, while the healthcare sector leads with 27% of incidents (ENISA, 2019:
        p 64). As a direct result of global service connectivity and its dependency on the Internet of
        Things (IoT) there is a warranted threat from DDoS attacks on nations’ critical
        infrastructure such as hospitals, public transport, and so on. Utilizing DDoS, botnets attacked
        Ricardo Anaya’s campaign website during Mexico’s presidential elections and the Ukrainian
        president’s website, and are responsible for the failure of operations of the largest train
        service provider in Denmark (ENISA, 2019: pp 47-48).

        Insider threat accounts for 77% of data breaches in companies, exists in every government,
        organization or company, and can be a threat from (a) intentional malicious insiders, (b)
        negligent insiders, and (c) unintentionally compromised insiders (ENISA, 2019: p 69). Types of
        data that are at risk of breach from insider threats are financials, customers’/employees’ data
        (57%); credentials, passwords (52%); sensitive personal information (49%); trade secrets,
        research product designs (32%); employee data (31%); and network, infrastructural control
        (27%) (ENISA, 2019: p 71). Unintentionally compromised insiders make unintentional data
