How vulnerable is Norwegian critical infrastructure?

Paper published on quantitative vulnerability assessments for critical infrastructure 

Secure-NOK’s Yi-Ching Liao has, as part of the research project CybWin (Cybersecurity Platform for Assessment and Training for Critical Infrastructures) proposed a methodology for quantitative vulnerability assessments of a Nation’s critical infrastructure. 

Important to identify the weakest links

There are many examples of attacks that has exploited vulnerabilities many months or even years after they were published and patches were available. For example the well-known WannaCry ransomware attack that impacted several European critical infrastructure operators, including UK’s National Healthcare Service. While information security vulnerabilities are continuously growing, the sectors responsible for or involved in providing vital functions in society have different capacities for identifying time-varying vulnerabilities. To secure the weakest link, it is essential to obtain knowledge of the extent of the problem.

Quantifying vulnerabilities to the entire Norwegian critical infrastructure has not been properly conducted in the literature, we have therefore used the methodology to conduct an assessment of Norwegian critical infrastructure.  At the time of our assessment, we could identify power supply and transport as the weakest link.  Due to the time-varying vulnerabilities and the strong inter-dependencies between vital societal functions, it is in our opinion important to conduct such quantitative vulnerability assessment continuously and automatically.

Read the full paper

The paper was presented at The 15th International Conference on Critical Information Infrastructures Security in September 2020 hosted by University of Bristol. https://critis2020.blogs.bristol.ac.uk/

The paper can be found in the proceedings: https://link.springer.com/chapter/10.1007%2F978-3-030-58295-1_3  and by clicking here.