Cybersecurity Threats to and Cyberattacks on Critical Infrastructure: A Legal Perspective

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

6 Citations (Scopus)

Abstract

Over the years cybersecurity threats to and cyberattacks on the critical infrastructure by state and non-state actors have escalated in intensity and sophistication. Cyberattacks, such as the 2017 NotPetya ransomware attack, the 2020 SolarWinds software supply chain attack and the 2021 Colonial Pipeline ransomware attack, illustrate the vulnerability of critical infrastructure to cyberattacks. Most cyberattacks are committed across borders involving criminal hackers or state supported hackers. Furthermore, critical infrastructure is increasingly interconnected and interdependent. Connectivity brings about the risk of a cyberattack, demonstrated by the 2021 Colonial Pipeline ransomware attack. Interconnectedness also means that the compromise of one critical infrastructure asset can have a domino effect that degrades or disrupts others and results in cascading consequences across the economy and national security. Operational continuity is essential and this may have been one of the reasons why Colonial Pipeline paid a ransom to cyber-attackers. A cyberattack on the critical infrastructure of a state cannot be seen in isolation as the consequences of the attack may impact other states, this was illustrated by the 2017 WannaCry and NotPetya ransomware attacks. The level of sophistication of cyberattacks has increased over the years as shown by the 2020 SolarWinds software supply chain attack. The escalation of attacks has served as a catalyst for governments to address the risk to critical infrastructure. Countries need to have strong government bodies which supervise cybersecurity in their country and work together with their counterparts in other countries by sharing information regarding threats and attacks against critical infrastructure. The discussion focuses on the challenges that threats to and attacks on critical infrastructure present, the possible solutions a government may implement in addressing cyberattacks on critical infrastructure and the accountability of state and non-state actors of cyberattacks on critical infrastructure. The issues are discussed from a legal perspective.

Original languageEnglish
Title of host publicationProceedings of the 21st European Conference on Cyber Warfare and Security, ECCWS 2022
EditorsThaddeus Eze, Nabeel Khan, Cryil Onwubiko, Cryil Onwubiko
PublisherCurran Associates Inc.
Pages319-327
Number of pages9
ISBN (Electronic)9781914587405
Publication statusPublished - 2022
Event21st European Conference on Cyber Warfare and Security, ECCWS 2022 - Chester, United Kingdom
Duration: 16 Jun 202217 Jun 2022

Publication series

NameEuropean Conference on Information Warfare and Security, ECCWS
Volume2022-June
ISSN (Print)2048-8602
ISSN (Electronic)2048-8610

Conference

Conference21st European Conference on Cyber Warfare and Security, ECCWS 2022
Country/TerritoryUnited Kingdom
CityChester
Period16/06/2217/06/22

Keywords

  • critical infrastructure
  • cyberattacks
  • cybersecurity threats
  • non-state cyber-attackers
  • ransomware attacks
  • software supply chain attack
  • state

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Cybersecurity Threats to and Cyberattacks on Critical Infrastructure: A Legal Perspective'. Together they form a unique fingerprint.

Cite this