Cyber-Physical Security and Critical Infrastructure


Most attacks involve human intervention, intentional or not, and have consequences in the physical world; yet cybersecurity and physical security are still handled in silos, creating vulnerabilities. This White Paper
explores the blurring frontier between these two worlds and describes how a holistic approach can help protect organisations and make them more resilient.
If the current conflict in Ukraine highlights cyber-attacks carried out in the context of war, it should be emphasized that they are also taking place in other regions experiencing tensions and latent conflicts,
such as in the Middle East between Iran and Saudi Arabia. Everyone remembers the Stuxnet attack in 2010, but who knows that it had been active since 2009, and had already infected a dozen companies
before attacking Iranian centrifuges? Stuxnet was different from any other virus or worm that had come before.

Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to physically destroy equipment those computers controlled. Then, in response to Stuxnet, there was the attack on Saudi Aramco by Shamoon in 2012, which compromised 30,000 computers. Finally, from 2016 to 2018, there were numerous attacks on Saudi Critical Infrastructure networks and on government agencies. And similar examples can be found in all parts of the world. Cyber-attacks are a strategic weapon of choice in conventional conflict and have been for a long time. They are a primary way in which States, organisations and individuals can harm other States, organisations, and individuals, whether in a public or private setting. And while computers may be the targets of infection, human action has shown to be a constant factor in these attacks.


Leave a Reply

Your email address will not be published. Required fields are marked *