TY - GEN
T1 - Beyond SolarWinds: The systemic risks of critical infrastructures, state of play, and future directions
AU - Raponi, Simone
AU - Caprolu, Maurantonio
AU - Di Pietro, Roberto
N1 - Generated from Scopus record by KAUST IRTS on 2023-09-20
PY - 2021/1/1
Y1 - 2021/1/1
N2 - The just concluded 16th edition of the World Economic Forum's Global Risks Report has ranked Cybersecurity failure as a significant global threat. This awakening is not surprising, maybe even late, as witnessed by the reliance of large part of critical sectors on the cyber infrastructure during the undergoing pandemic, or like shown by the recent and devastating SolarWinds attacks, whose implications and aftermaths are still to be completely understood. In this paper, we provide several contributions towards the provisioning of a comprehensive, robust, and reliable framework for the cybersecurity of critical infrastructures. In particular, we first revise the scope and definition of critical infrastructures. Later, we expand the introduced concept to capture the modern deployment and operations of critical infrastructures, highlighting their interconnectedness and dependency with the software supply chain. Then, we show how the SolarWinds attack has exploited the defined model to perform one of the most devastating black hat operations ever seen. Finally, we also show some research directions to secure the software supply chain, calling for an approach that necessarily requires the interplay of sound theory, viable solutions, and legislation interventions.
AB - The just concluded 16th edition of the World Economic Forum's Global Risks Report has ranked Cybersecurity failure as a significant global threat. This awakening is not surprising, maybe even late, as witnessed by the reliance of large part of critical sectors on the cyber infrastructure during the undergoing pandemic, or like shown by the recent and devastating SolarWinds attacks, whose implications and aftermaths are still to be completely understood. In this paper, we provide several contributions towards the provisioning of a comprehensive, robust, and reliable framework for the cybersecurity of critical infrastructures. In particular, we first revise the scope and definition of critical infrastructures. Later, we expand the introduced concept to capture the modern deployment and operations of critical infrastructures, highlighting their interconnectedness and dependency with the software supply chain. Then, we show how the SolarWinds attack has exploited the defined model to perform one of the most devastating black hat operations ever seen. Finally, we also show some research directions to secure the software supply chain, calling for an approach that necessarily requires the interplay of sound theory, viable solutions, and legislation interventions.
UR - http://www.scopus.com/inward/record.url?scp=85114917010&partnerID=8YFLogxK
M3 - Conference contribution
SP - 394
EP - 405
BT - CEUR Workshop Proceedings
PB - CEUR-WS
ER -