No. | Threat | Explanation |
---|---|---|
1 | Unauthorised use of remote maintenance access | Remote maintenance access points are openings deliberately created from the ICS network to the outside, but they are often insufficiently protected. |
2 | Online attacks via office / enterprise networks | Office IT is usually connected to the Internet via many paths. There are usually also network connections from the office network into the ICS network, which attackers can use to get in. |
3 | Attacks on standard components used in the ICS network | Standard IT components (commercial off-the-shelf, COTS) such as operating systems, application servers or databases usually contain flaws and vulnerabilities that attackers exploit. If these standard components are also used in the ICS network, the risk of a successful attack on the ICS systems increases. |
4 | (D)DoS attacks | (Distributed) denial-of-service attacks can impair network connections and required resources and cause systems to crash, for example to disrupt the functionality of an ICS. |
5 | Human misbehaviour and sabotage | Deliberate acts, whether by internal or external offenders, are a massive threat to all protection objectives. In addition, negligence and human error are a major threat, especially to the protection objectives confidentiality and availability. |
6 | Introduction of malicious code via removable media and external hardware | The use of removable media and mobile IT components by external employees always poses a great risk of malware infection. This aspect played an important role for Stuxnet, for example. |
7 | Reading and writing messages in the ICS network | Since most control components currently communicate via plain-text protocols and thus without protection, eavesdropping on messages and injecting control commands is often possible without much effort. |
8 | Unauthorised access to resources | Internal offenders in particular, or follow-up attacks from outside, have an easy time if services and components in the process network implement no or insecure methods for authentication and authorisation. |
9 | Attacks on network components | Network components can be manipulated by attackers, for example to carry out man-in-the-middle attacks or to make sniffing easier. |
10 | Technical malfunction and force majeure | Failures due to extreme environmental conditions or technical faults are always possible; here, risk and damage potential can only be minimised. |