TY - GEN
T1 - Cybersecurity Threats to and Cyberattacks on Critical Infrastructure
T2 - 21st European Conference on Cyber Warfare and Security, ECCWS 2022
AU - Watney, Murdoch
N1 - Publisher Copyright:
© 2022 Curran Associates Inc.. All rights reserved.
PY - 2022
Y1 - 2022
N2 - Over the years cybersecurity threats to and cyberattacks on the critical infrastructure by state and non-state actors have escalated in intensity and sophistication. Cyberattacks, such as the 2017 NotPetya ransomware attack, the 2020 SolarWinds software supply chain attack and the 2021 Colonial Pipeline ransomware attack, illustrate the vulnerability of critical infrastructure to cyberattacks. Most cyberattacks are committed across borders involving criminal hackers or state supported hackers. Furthermore, critical infrastructure is increasingly interconnected and interdependent. Connectivity brings about the risk of a cyberattack, demonstrated by the 2021 Colonial Pipeline ransomware attack. Interconnectedness also means that the compromise of one critical infrastructure asset can have a domino effect that degrades or disrupts others and results in cascading consequences across the economy and national security. Operational continuity is essential and this may have been one of the reasons why Colonial Pipeline paid a ransom to cyber-attackers. A cyberattack on the critical infrastructure of a state cannot be seen in isolation as the consequences of the attack may impact other states, this was illustrated by the 2017 WannaCry and NotPetya ransomware attacks. The level of sophistication of cyberattacks has increased over the years as shown by the 2020 SolarWinds software supply chain attack. The escalation of attacks has served as a catalyst for governments to address the risk to critical infrastructure. Countries need to have strong government bodies which supervise cybersecurity in their country and work together with their counterparts in other countries by sharing information regarding threats and attacks against critical infrastructure. The discussion focuses on the challenges that threats to and attacks on critical infrastructure present, the possible solutions a government may implement in addressing cyberattacks on critical infrastructure and the accountability of state and non-state actors of cyberattacks on critical infrastructure. The issues are discussed from a legal perspective.
AB - Over the years cybersecurity threats to and cyberattacks on the critical infrastructure by state and non-state actors have escalated in intensity and sophistication. Cyberattacks, such as the 2017 NotPetya ransomware attack, the 2020 SolarWinds software supply chain attack and the 2021 Colonial Pipeline ransomware attack, illustrate the vulnerability of critical infrastructure to cyberattacks. Most cyberattacks are committed across borders involving criminal hackers or state supported hackers. Furthermore, critical infrastructure is increasingly interconnected and interdependent. Connectivity brings about the risk of a cyberattack, demonstrated by the 2021 Colonial Pipeline ransomware attack. Interconnectedness also means that the compromise of one critical infrastructure asset can have a domino effect that degrades or disrupts others and results in cascading consequences across the economy and national security. Operational continuity is essential and this may have been one of the reasons why Colonial Pipeline paid a ransom to cyber-attackers. A cyberattack on the critical infrastructure of a state cannot be seen in isolation as the consequences of the attack may impact other states, this was illustrated by the 2017 WannaCry and NotPetya ransomware attacks. The level of sophistication of cyberattacks has increased over the years as shown by the 2020 SolarWinds software supply chain attack. The escalation of attacks has served as a catalyst for governments to address the risk to critical infrastructure. Countries need to have strong government bodies which supervise cybersecurity in their country and work together with their counterparts in other countries by sharing information regarding threats and attacks against critical infrastructure. The discussion focuses on the challenges that threats to and attacks on critical infrastructure present, the possible solutions a government may implement in addressing cyberattacks on critical infrastructure and the accountability of state and non-state actors of cyberattacks on critical infrastructure. The issues are discussed from a legal perspective.
KW - critical infrastructure
KW - cyberattacks
KW - cybersecurity threats
KW - non-state cyber-attackers
KW - ransomware attacks
KW - software supply chain attack
KW - state
UR - http://www.scopus.com/inward/record.url?scp=85160781099&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85160781099
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 319
EP - 327
BT - Proceedings of the 21st European Conference on Cyber Warfare and Security, ECCWS 2022
A2 - Eze, Thaddeus
A2 - Khan, Nabeel
A2 - Onwubiko, Cryil
A2 - Onwubiko, Cryil
PB - Curran Associates Inc.
Y2 - 16 June 2022 through 17 June 2022
ER -