Page 153 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 153
ANDREJ ILIEV, FERDINAND ODZAKOV: HISTORICAL AND LEGAL ASPECTS OF CYBER ATTACKS ON CRITICAL INFRASTRUCTURE
With a final goal of reprogramming industrial control systems, Stuxnet was a large, complex
piece of malware with many different components and functionalities, a threat that was primarily
written to target an industrial control system or set of similar systems. Industrial control systems
are used in gas pipelines and power plants. In order to achieve this goal the creators amassed a
vast array of components to increase their chances of success. Stuxnet was a threat targeting a
specific industrial control system like that of Iran, its ultimate goal was to sabotage a facility by
reprogramming programmable logic controllers (PLCs) to operate as the attackers intend them
to, most likely out of their specified boundaries (Falliere, et al., 2010: pp. 1-3).
In general, cyber-attacks can be separated into three major categories: (I) “automated malicious
software” delivered over the internet, (II) “denial-of-service attacks” and (III) “unauthorized
remote intrusions into computer systems”. (Sklerov, 2009).
2 Historical Evolution of Cyber-Attacks on Critical
Infrastructure
Critical infrastructure is vulnerable to all type of attacks, and increasingly to attacks
committed through the internet. Cyber threats to critical infrastructure (CI) are an evolving
security challenge that can impact global security, public safety and the economy in general.
As the private sector owns and operates most of the (CI) assets networks, and governments are
responsible for national security, securing (CI) against cyber threats is a shared responsibility
of both the public and private sectors (H2020 700416, project, “Securing Critical Energy
Infrastructures,” http://www.successenergy.eu/).
The first period of the historical development of cyberattacks encompasses the technological
development of information technology from the early 1980s to the end of the Cold War in
the early 1990s. Here we will try to highlight the most important examples of cyber attacks
and cyber operations during this decade. During 1982, then US President Ronald Reagan
approved a “state secret” plan for the use of specific software capable of controlling gas
supply pumps and their turbines in industrial gas production and distribution facilities in the
former Soviet Union. Fortunately or unfortunately, this software was stolen by secret Russian
agents during their stay in Canada. The software was able to change the flow rate of the gas
pumps and thereby succeeded in causing them to malfunction. Former US Air Force Secretary
and former Director of the National Reconnaissance Office, Thomas C. Reed, in his book
“At the Abyss: An Insider’s History of the Cold War,” said that the psychological effect of
this software and the effect on the Soviet Union’s economic capacities, significantly speed up
the process of ending the Cold War. US used cyber warfare during Iraq’s invasion in 1991
(Hoffman, 2004). During Operation Desert Storm, a strategic air campaign was launched
against Iraq’s air defences, so that the command and control telecommunications information
system was attacked by advanced computer software, causing electrical disruptions in Iraq’s
telecommunications information system (Operation Desert Storm,1997, Appendix V).
The second period of the development of cyber attacks is the next decade, from 1990 to the
9/11 terrorist attacks on the US in 2001. A virtual online war broke out between Chechens
and pro-Russian forces in 1994. This virtual war on the internet simulated military operations
which one or other party wanted to carry out in the field in a real sense. This sophisticated
widespread action of internet psychological propaganda is known as psychological surgery.
153
