Estimating the vulnerability of industrial network infrastructure in Central and Eastern Europe
[ 1 ] ICT Security Department, Poznan Supercomputing and Networking Center (PSNC) | [ 2 ] Institute of Bioorganic Chemistry of the Polish Academy of Sciences, Jana Pawła II 10, 61-139, Poznań, Poland | [ 3 ] Chief Technology Officer, ICsec S.A., Wichrowa 1A, 60-449, Poznań, Poland | [ 4 ] Research and Development, Department, ICsec S.A., Wichrowa 1A, 60-449, Poznań, Poland | [ 5 ] Data Processing Technologies Division, Poznan Supercomputing and Networking Center (PSNC) | [ 6 ] nstitute of Bioorganic Chemistry of the Polish Academy of Sciences, Zygmunta Noskowskiego 12/14, 61-704, Poznań, Poland
2024
scientific article
english
- Critical infrastructure
- Cyberattack
- Network security
- Industrial control systems
- National vulnerability
- Bezpieczeństwo społeczne
- Bezpieczeństwo teleinformatyczne
- Cyberatak
- Infrastruktura krytyczna
- Infrastruktura techniczna
- Ubezpieczenia społeczne
EN Industrial infrastructure has suffered an unprecedented number of attacks in Central and Eastern Europe (CEE). This situation can be attributed to many geopolitical factors, including hybrid military conflicts and criminal activity. Industrial networks belonging to the countries that were once under Soviet influence suffer from an elevated risk of cyberattacks. The goal of this work is to propose an easy way to estimate the vulnerabilities of industrial networks to cyber threats on a national level. Since analysis of the industrial vulnerability landscape is difficult, this study proposes an assessment based on the popularity of vulnerable technologies—VPc. This metric is composed of search volume data on keywords related to industrial network technologies and reported security vulnerabilities associated with these words. Data on 116 keywords was analysed and a country-specific VPc index was calculated for twenty states in CEE. The analysis of the popularity of industrial technologies and vendors in CEE reveals interesting information about the industrial security and vulnerability landscape. The results show that some countries (e.g. Estonia) have more resilient industrial infrastructure than others (e.g. Belarus). The results presented in this study are not in conflict with other data and estimation attempts, including the National Cyber Security Index (NCSI). As new vulnerabilities are noted every day, the industrial security landscape changes rapidly. Therefore, a new easy-to-use metric (VPc) can be successfully used for general estimations. This work shows that the VPc score agrees with other estimates and analyses, but as with any other general estimation tool, it must be used with caution.
30.09.2024
53 - 73
CC BY (attribution alone)
open journal
final published version
30.09.2024
public
70