Estimating the vulnerability of industrial network infrastructure in Central and Eastern Europe

Mateusz Twardawa; Marek Smolik; Franciszek Rakowski; Jakub Kwiatkowski; Norbert Meyer

doi:10.35467/sdq/190350

System Informacji Naukowej Politechniki Poznańskiej

PL EN

Strona główna / Publikacje / Estimating the vulnerability of industrial network infrastructure in Central and Eastern Europe

Zgłoś uwagę

Artykuł

Pobierz BibTeX

Tytuł

Estimating the vulnerability of industrial network infrastructure in Central and Eastern Europe

Autorzy

Mateusz Twardawa (WIiT) ^{[ 1 ][ 2.3 ][ P ]}
Marek Smolik
Franciszek Rakowski
Jakub Kwiatkowski (WIiT) ^{[ 1 ][ D ]}
Norbert Meyer

^{[ 1 ]} Instytut Informatyki, Wydział Informatyki i Telekomunikacji, Politechnika Poznańska | ^{[ P ]} pracownik | ^{[ D ]} doktorant

Dyscyplina naukowa (Ustawa 2.0)

[2.3] Informatyka techniczna i telekomunikacja

Rok publikacji

2024

Opublikowano w

Security and Defence Quarterly

Rocznik: 2024 | Tom: in press

Typ artykułu

artykuł naukowy

Język publikacji

angielski

Słowa kluczowe

EN

critical infrastructure
network security
cyberattack
industrial control systems
national vulnerability

Streszczenie

EN Industrial infrastructure has suffered an unprecedented number of attacks in Central and Eastern Europe (CEE). This situation can be attributed to many geopolitical factors, including hybrid military conflicts and criminal activity. Industrial networks belonging to the countries that were once under Soviet influence suffer from an elevated risk of cyberattacks. The goal of this work is to propose an easy way to estimate the vulnerabilities of industrial networks to cyber threats on a national level. Since analysis of the industrial vulnerability landscape is difficult, this study proposes an assessment based on the popularity of vulnerable technologies—VPc. This metric is composed of search volume data on keywords related to industrial network technologies and reported security vulnerabilities associated with these words. Data on 116 keywords was analysed and a country-specific VPc index was calculated for twenty states in CEE. The analysis of the popularity of industrial technologies and vendors in CEE reveals interesting information about the industrial security and vulnerability landscape. The results show that some countries (e.g. Estonia) have more resilient industrial infrastructure than others (e.g. Belarus). The results presented in this study are not in conflict with other data and estimation attempts, including the National Cyber Security Index (NCSI). As new vulnerabilities are noted every day, the industrial security landscape changes rapidly. Therefore, a new easy-to-use metric (VPc) can be successfully used for general estimations. This work shows that the VPc score agrees with other estimates and analyses, but as with any other general estimation tool, it must be used with caution.

Data udostępnienia online

03.08.2024

DOI

10.35467/sdq/190350

URL

https://securityanddefence.pl/Estimating-the-vulnerability-of-industrial-network-infrastructure-in-Central-and,190350,0,2.html

Typ licencji

CC BY (uznanie autorstwa)

Tryb otwartego dostępu

otwarte czasopismo

Wersja tekstu w otwartym dostępie

ostateczna wersja opublikowana