The Cyber Security and its Role to Protect Critical Infrastructure

UDC 327
Publication date: 27.03.2020
International Journal of Professional Science №3-2020

Khlopov Oleg Anatolyevich
PhD, Political Science, Associate Professor,
Department of American Studies
Russian State University for the Humanities (Moscow)
Abstract: The article analyses cyber security, which plays a key role because internal information infrastructure holds a huge amount of data, and defending its vulnerable objects requires substantial resources. It points to the current threats to cyber security and to the problems of ensuring national and international security, and notes the vulnerable nature of modern information systems and critical infrastructure. The author describes the actions and steps that states and the international community are taking to address cyber security: protecting systems, networks and software applications from digital attacks.
Keywords: cyber security, hacker attack, information system, energy infrastructure, military strategy, cooperation, USA, Russia


Introduction

The rapid development of digital technologies and their ever wider application have a significant side effect: an ever-increasing level of cyber threats. According to a report by IBM X-Force Incident Response and Intelligence Services, the number of cyber attacks designed to steal data and disable critical infrastructure systems tripled in the first half of the year. According to forecasts by the World Economic Forum's Centre for Cybersecurity, 74% of global companies will be subject to attacks in 2020 [1]. This problem is actively discussed in Russia, the USA and other countries, and in international organizations.

The main task of a nation state is to defend national security, that is, to protect its citizens, economy and institutions. Originally national security meant protection from military threats, but today its scope is broader and includes security from terrorism and crime as well as economic, energy, environmental, food and critical-infrastructure security, and finally cyber security.

Cyber security is today one of the most important topics in the modern world. First, however, the concepts of cyber security and information security, which a great many people confuse, should be distinguished. Cyber security is a subset of information security: information security protects information in any form, whereas cyber security protects the digital systems and networks that process it.

A cyber attack is any offensive action by an individual or an organization that targets computer information systems, infrastructures, computer networks or personal computing devices, usually originating from an anonymized source, and that steals, alters or destroys a specified target by breaking into a vulnerable system.

This is confirmed by almost daily news reports of new attacks by criminals in the information sphere. More than 100 million malicious Internet addresses are detected on the network every year [2], and this number grows by about 40% annually. The damage caused by attacks in the information space is estimated at $100 billion [3].

There are many definitions of critical infrastructure, reflecting cultural trends and historically evolving political needs [4]. Common to all of them is the idea that infrastructures are general-purpose means for different kinds of human activity, in particular economic activity, but also the activities necessary to protect security and health.

Although all the systems that make up critical infrastructure nowadays rely on information and communication technology (ICT) networks and services, they are not equally sensitive to attack by cyber means. Hospitals, telecommunications, energy, banking and finance and the postal sector, for example, rely on cyber infrastructure to such a degree that they are obvious targets for an attacker.

The definition of what counts as a cyber attack on infrastructure is ambiguous, so we introduce a classification of attacks based on two orthogonal distinctions, which yields four kinds of cyber attack on infrastructure. Attacks on critical infrastructure can be distinguished by the means of attack, purely cyber attacks versus attacks with a physical component (physical or cyber-physical), and by the damage they cause, which can be physical (or physical and functional) versus purely functional. The four possible combinations of means and damage cover all kinds of cyber attack.

First, in terms of the damage caused, we can distinguish physical or physical-functional attacks from merely functional ones. In a merely functional attack the only thing destroyed is information: services may malfunction or be disrupted, but there is no physical damage. In a physical attack the attacked object is "persons, property or infrastructure attacked through cyberspace" [5].

The distinction can be made more precise by a criterion suggested in the law of armed conflict: a cyber operation counts as a physical attack if "restoration of functionality requires replacement of physical components".

Ordinary physical attacks on physical infrastructure that cause physical damage, e.g. firing a missile to bring down a bridge or poisoning the water supply, generally do not belong to the realm of cyber security. Some such attacks do, however, for example the use of drones that have been hacked, or are guided by malicious AI, to carry explosives close to a dam. An example of a physical attack that causes only functional damage is the use of graphite bombs, which spread extremely fine carbon filaments over electrical components and cause a short circuit and a disruption of the electrical supply; by the criterion above the damage is functional, because the supply can be restored without replacing the components.

The third kind, cyber means causing physical damage, clearly counts as a cyber security threat. An example is Stuxnet, the worm that targeted the Siemens control software operating the uranium enrichment facility in Iran: the attacked objects were the enrichment centrifuges themselves, not just the information in the system. Here, unlike the drone case, the means of attack were purely informational (a piece of software), but the goal was physical damage to the centrifuges. The fourth kind, cyber means causing purely functional damage, includes, for example, DDoS attacks that disrupt the processes of critical systems, as well as the use of social media bots to spread dissent and convey political messages.

An example is the sustained DDoS attack against the Chinese national domain name registry on 25 August 2013, which interrupted or slowed down connectivity without any lasting physical damage. The same critical infrastructure, e.g. the Internet, can therefore be attacked so as to cause physical or merely functional damage, by targeting its hardware or its software components respectively. The Internet is likewise vulnerable to both physical and purely cyber means of attack, e.g. missiles destroying servers and DDoS attacks respectively. In all cases the main impact on the population is that Internet connectivity is reduced, slowed down or made unreliable.

Cyber security of Industrial Control Systems

The threat of cyber attacks on infrastructure can motivate the state to enhance its cyber capabilities. Unfortunately, some state countermeasures do not enhance the country's cyber defenses directly, but rather its investigative and retaliatory capabilities. State officials may recognize that there are structural limits that prevent the cyber defenses of some critical infrastructures from being improved to the degree required by national security objectives, at least for any society that is not prepared to renounce the efficiency gains brought by increased connectedness through ICT. As Maglaras et al. point out, these limits stem from today's industrial control system networks, a "unique environment, that combines large scale, geographically distributed, legacy and proprietary system components" [6].

In a sense, combining in the same network ad hoc programmable logic controllers and proprietary systems (unconventional solutions) with well-documented protocols and off-the-shelf hardware (conventional solutions) is the worst of all worlds from a cyber security point of view. The unconventional solutions, which are still in place, may be poorly understood by cyber security specialists, while the conventional ones undermine the obscurity of the earlier configurations, which is what protected them from simple attacks. Combining both in one network means that although the benefit of obscurity is significantly reduced, guaranteeing a high level of security for such systems remains very costly, because it requires ad hoc solutions.

The difficulty of improving the strictly defensive cyber security of industrial control systems may lead concerned politicians, as a logical response, to enhance the attack and surveillance capabilities of state agencies. This can be seen as a strategy of preventing attacks on critical infrastructure, and perhaps of retaliation, which appears all the more necessary precisely because protecting that infrastructure is so challenging technically and financially.

In 2013 hackers breached the control system of a dam near New York through a cellular modem, and intruders infiltrated the U.S. power grid, gaining enough remote access to control the operations networks of the power system. The target was Calpine Corporation, a power producer with 82 plants operating in 18 states and Canada. Opening a pathway into the networks running the U.S. power grid was not difficult, since the infrastructure was outdated and its ICT network insufficiently protected [7].

Various earlier cyber attacks on U.S. power grid networks had been attributed to Russia and China, but in the case of the dam near New York the hackers gathered much more: passwords for remote connection to the grid's networks and detailed engineering drawings of networks and power stations from New York to California. They would potentially have been able to shut down generating stations and cause blackouts, but the intrusion was discovered before they did any damage. The digital clues pointed to Iranian hackers. In the same period, hackers linked to the Iranian government attacked American bank websites. These attacks have been interpreted as Iran's retaliation for Stuxnet.

It is likely that the infiltration of Calpine's network was part of the Iranian counter-attack, and so it can be considered a case of cyber warfare. The Calpine case shows that the exploitation of ICT vulnerabilities by governments produces a cyber arms race. While the Stuxnet attack did not harm civilians, the data gathered by the hackers attacking Calpine would have harmed civilians had the plan been completed. Furthermore, the aim of the Stuxnet attack, preventing Iran from acquiring nuclear weapons, was considered a worthy one by much of the international community, even though it raised several moral concerns [8]. A final ethical issue in the Calpine case is the tension between resource investment and security: enhancing the network security of energy infrastructure is a costly operation that requires significant investment.

 

Hacking of Citizens' Telephones

In many European countries and in the U.S., law enforcement and investigators may legally hack the devices of targets under a court order. In Italy the police used Exodus, a spyware for smartphones, to gather data from criminals' phones (their address book, call and browsing history, GPS position, text messages, audio recordings of the phone's surroundings, etc.) and to send commands to the infected phone through a network port and a shell. Exodus was embedded in more than 20 Android applications on the official Google Play Store, mostly apps offering promotions and marketing offers or claiming to improve the phone's performance, so these apps attracted and were downloaded by innocent people. Their phones were infected because Exodus installed itself on any phone without validating that the target was legitimate, whereas it should have checked the device's IMEI to verify that the phone was an intended target. Moreover, the port opened by Exodus could be reached by anyone on the same Wi-Fi network, so third parties could hack the infected phone. Google stated that fewer than 1000 phones of Italian customers were infected [9].
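The port Exodus opened was reachable by anyone on the same Wi-Fi network because it was bound to every interface rather than to loopback only. The following example has been added for this edition; it is not part of the original article or of any published Exodus analysis. It shows how an analyst who has obtained the contents of /proc/net/tcp from a suspect Android (or Linux) device can list the listening sockets that are reachable from the network and owned by an application UID, which is what a bound shell of this kind looks like from the kernel's point of view. The socket table below is constructed for the example, and its port numbers and UIDs are arbitrary.

```python
"""
Find TCP services listening on all interfaces by parsing the kernel's
/proc/net/tcp table (same text format on Linux and Android).
Added example; the sample table is constructed, not captured from a device.
"""
import socket
import struct
from dataclasses import dataclass
from typing import List

TCP_LISTEN = 0x0A        # value of the 'st' column for a listening socket
FIRST_APP_UID = 10000    # Android assigns application UIDs from 10000 upward


@dataclass
class TcpSocket:
    local_ip: str
    local_port: int
    state: int
    uid: int
    inode: int


def _hex_ipv4(hexip: str) -> str:
    # /proc/net/tcp stores IPv4 addresses as 8 hex digits in host (little-endian) byte order
    return socket.inet_ntoa(struct.pack("<L", int(hexip, 16)))


def parse_proc_net_tcp(text: str) -> List[TcpSocket]:
    """Parse the IPv4 socket table; the first line is the column header."""
    sockets = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue                      # blank or truncated line
        ip_hex, port_hex = fields[1].split(":")
        sockets.append(TcpSocket(
            local_ip=_hex_ipv4(ip_hex),
            local_port=int(port_hex, 16),
            state=int(fields[3], 16),
            uid=int(fields[7]),
            inode=int(fields[9]),
        ))
    return sockets


def exposed_listeners(sockets: List[TcpSocket], apps_only: bool = True) -> List[TcpSocket]:
    """Listening sockets that are reachable from the network, i.e. not bound to loopback.

    With apps_only=True, system daemons (uid below 10000, e.g. sshd as root)
    are ignored and only sockets owned by installed applications are reported.
    """
    found = []
    for s in sockets:
        if s.state != TCP_LISTEN or s.local_ip.startswith("127."):
            continue
        if apps_only and s.uid < FIRST_APP_UID:
            continue
        found.append(s)
    return found


# Constructed sample: loopback web server (uid 1000), a root daemon on port 22,
# an application (uid 10123) listening on 0.0.0.0:6000, and one established connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1 0000000000000000 100 0 0 10 0
   2: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 20003 1 0000000000000000 100 0 0 10 0
   3: 0A00000F:D2AC 5E1B3C0A:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 20004 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    for s in exposed_listeners(parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)):
        print(f"uid {s.uid} listens on {s.local_ip}:{s.local_port} (inode {s.inode})")
```

On a real device the inode number is what links the socket back to the owning process (via /proc/<pid>/fd), so an analyst would follow it to identify the application; only the IPv4 table is parsed here, and /proc/net/tcp6 uses the same layout with 32-digit addresses.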

In this case we see, first, the opposition between national security in the form of the fight against crime, the aim pursued by the Italian state police and magistrates, and the practical realization of that aim, which involved innocent people and violated their privacy for no legitimate reason, since they were not under investigation. These people were also made more vulnerable, because once infected their phones could be hacked by practically anyone. Second, we observe a tension between legality and security, as the Italian legal framework for cyber security is not keeping pace with the new technologies adopted for criminal surveillance. Under that framework Exodus could be equated with old physical surveillance devices such as hidden microphones, whereas it is far more invasive.

The company the State police hired to develop Exodus must be held responsible for infecting non-targeted people, as it deliberately uploaded the apps containing Exodus to the Play Store, most likely to use unwitting customers as test subjects for its software; it is therefore likely that Exodus's failure to check the target's IMEI was not a programming error [10]. Finally, Apple applies stricter filters than Google to keep malware out of its store. Apple's higher level of control protects its customers but is reflected in the prices of Apple devices, which means that citizens' privacy is not equally protected: citizens with more economic resources can afford Apple devices and are better protected.

 

US Military to Defend Infrastructure

The U.S. Department of Defense and U.S. Cyber Command (USCYBERCOM) cooperate actively with the Department of Energy (DOE) in joint projects in which the military studies the energy sector. To prevent cyber attacks with potentially catastrophic consequences, they have considered strengthening cooperation between the DOE, the energy sector and the Pentagon.

At the AUSA 2019 exhibition and conference of the Association of the United States Army, held in Washington in 2019, General Steven Hager, deputy commander of the Cyber National Mission Force, the unit engaged in protecting national infrastructure, said that an exercise had been conducted within GridEx with the participation of the military and DOE representatives, simulating a catastrophic failure of the energy supply system and rehearsing joint actions to strengthen the protection of critical assets. The aim of the joint exercise was to identify areas in which the U.S. energy sector could be assisted in an emergency.

The Pentagon provides for response teams that take counter-action against cyber threats. The Cyber National Mission Force (CNMF) monitors specific adversaries and warns of possible attacks before they reach U.S. cyberspace. The offensive cyber elements of this force may also conduct defensive cyberspace operations, including responses to immediate threats [11].

USCYBERCOM, which continuously tracks the situation in cyberspace, is able to monitor the situation inside the country and outside U.S. networks and to warn potential intruders. In 2018 its authority was expanded to allow pre-emptive attacks on an adversary's systems in order to prevent attacks. Existing industrial control systems, including Supervisory Control and Data Acquisition (SCADA) systems, are objects of military study because of their vulnerability and their importance for both offensive and defensive tasks. SCADA delivers information from sensors in a form convenient for operators, allowing operating personnel to manage the process more effectively, while local and remote access allows changes to be made. Much of the energy sector's infrastructure differs from Internet infrastructure and requires deeper study by USCYBERCOM.
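The well-documented protocols mentioned in the previous section and the local and remote access to SCADA described here have a common consequence: the classic industrial protocols were designed without authentication, so any host that can reach the controller on the network can write to it, and monitoring the traffic for unexpected writes is the usual compensating control. The following example has been added for this edition and is not part of the original article. It takes Modbus/TCP as a concrete instance (the article itself names no protocol), parses its frames and flags write commands from any host other than an assumed engineering workstation; the packets and the allow-listed address are constructed for the example.

```python
"""
Parse Modbus/TCP application data units (ADUs) and flag write operations
that do not come from the allow-listed engineering workstation.
Added example; traffic and addresses below are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Function codes that change process state, per the Modbus application protocol.
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
READ_FUNCTIONS = {1, 2, 3, 4}

# Hypothetical allow-list: only the engineering workstation may write.
# A real deployment would derive this from the plant's asset inventory.
ALLOWED_WRITERS = {"10.0.0.5"}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    address: int          # starting coil/register address
    value_or_count: int   # written value (FC 5/6) or quantity (FC 1-4, 15/16)


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the PDU that follows it.

    MBAP: transaction id (2), protocol id (2, always 0), length (2), unit id (1).
    PDU : function code (1), then function-specific data (big-endian).
    """
    if len(payload) < 8:
        raise ValueError("too short for a Modbus/TCP ADU")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"not Modbus (protocol id {proto})")
    if length != len(payload) - 6:
        raise ValueError("MBAP length field does not match payload")
    fc = payload[7]
    if fc in READ_FUNCTIONS or fc in WRITE_FUNCTIONS:
        if len(payload) < 12:
            raise ValueError("PDU too short")
        addr, val = struct.unpack(">HH", payload[8:12])
    else:
        addr, val = 0, 0
    return ModbusRequest(tid, unit, fc, addr, val)


def flag_unauthorised_writes(packets: Iterable[Tuple[str, bytes]]) -> List[str]:
    """packets: (source IP, raw ADU) pairs. Returns one alert line per finding."""
    alerts = []
    for src, payload in packets:
        try:
            req = parse_modbus_tcp(payload)
        except ValueError as exc:
            alerts.append(f"{src}: malformed frame ({exc})")
            continue
        if req.function_code in WRITE_FUNCTIONS and src not in ALLOWED_WRITERS:
            alerts.append(
                f"{src}: {WRITE_FUNCTIONS[req.function_code]} to unit {req.unit_id}, "
                f"address {req.address}, value {req.value_or_count}"
            )
    return alerts


# Constructed sample traffic: a read and a write from the workstation,
# then a register write and a truncated frame from an unknown host.
SAMPLE_PACKETS = [
    ("10.0.0.5",     bytes.fromhex("00010000000601030000000A")),  # FC3 read 10 registers
    ("10.0.0.5",     bytes.fromhex("00020000000601050001FF00")),  # FC5 coil 1 ON, allowed
    ("192.168.7.23", bytes.fromhex("00030000000601060010002A")),  # FC6 register 16 := 42
    ("192.168.7.23", bytes.fromhex("0004000000020106")),          # FC6 with no data
]

if __name__ == "__main__":
    for line in flag_unauthorised_writes(SAMPLE_PACKETS):
        print(line)
```

The rule is deliberately simple: because Modbus carries no credentials, the source address is the only thing a monitor can base authorization on, which is also why such traffic should sit on a segmented network where that address cannot be spoofed trivially.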

 

Cyber Security in Russia

Information security is one of the most important components of preserving Russia's sovereignty, and the creation of an alternative, "sovereign" segment of the Russian Internet has become urgent because of the sanctions policy of Western countries.

On 1 November 2019 the Federal Law "On Amendments to the Federal Law 'On Communications'...", known as the law "On the Sovereign Runet" and signed by Vladimir Putin, came into force in Russia. Its main purpose is not to disconnect or restrict access to cyberspace but to ensure the continuity of digital information transmission.

Although Russia is technically prepared for hostile action on the part of the West and is able to block all outbound traffic within the country, President Vladimir Putin, at a meeting with representatives of Russian news agencies and print media in February of this year, stressed that Russia is not going to "disconnect".

The creation of a national network will not close Russia off from the world, but in the field of defense and security the country should have its own information network, which cannot be influenced from outside and whose disruption cannot disturb the operation of strategic facilities such as nuclear power plants and communication systems.

Key Russian companies have signed eight agreements with the government on the development of high technology in specific areas: distributed ledgers, the Internet of things, quantum sensors and fifth-generation wireless communication. Developing these areas entails a transition from "hardware" to "intelligence", which will promote long-term growth. Different countries are currently developing intelligent content-recognition software that uses artificial intelligence and machine learning to identify objects present in video, and attempts are being made to recognize fake news.

Possible threats and fakes should not affect the operation of the Russian segment of the network or the national system for routing Internet traffic. The legal acts provide for blocking resources banned in Russia and for ensuring the security of the country. Rules for traffic routing have been set that minimize the transfer of Russian users' data abroad. Russian Internet service providers must install equipment that can disconnect traffic and route it through exchange points controlled by the state communications regulator, Roskomnadzor. Like the national payment system "Mir", created in response to the threat of disconnection from the international SWIFT banking network, a national domain zone protected from external influence will be created.

The Ministry of Defense of the Russian Federation is creating its own closed system for exchanging digital information, a "military Internet", which operates independently over a fiber-optic cable laid through the Arctic. It is possible that the "military Internet" will be used in the national network.

In Russia, under a strategic plan to build a 5G network, Rostec is to set up an experimental network in one of the country's regions. Internet disconnection may also occur through unexpected breaks in the fiber-optic cables that encircle the planet's land masses and lie on the ocean floor.

Issues of information sovereignty matter not only to Russia but also to China, India and European countries, and Internet content filtering exists in many countries. In Germany Facebook is obliged to delete posts that contain illegal information. In China control over the Internet began with the launch of the "Golden Shield" project, the unofficial name for the Great Firewall of China, which restricts access to some foreign sites: links to foreign sources are possible only by special permission, web pages are filtered by keywords related to public safety, and banned addresses are traced.

In India, media report, 4G networks and fiber-optic Internet cover 99% of the country. Within two years the country rose to 155th place and took first place in bandwidth consumption, surpassing the United States. The leading Indian telecommunications company Jio is preparing to introduce 5G and 6G networks, which will be in demand for unmanned vehicles and for smart homes and cities, providing high-speed processing of data from millions of devices. The Indian Ministry of Communications has also developed a legal mechanism for switching off the Internet for emergency security purposes.

Information technology and computer networks permeate all existing systems and the associated public services: health, science, transport, communications, banking, energy, defense and industry. Cyber attacks are dangerous because their consequences can be not only material losses but environmental, social and macroeconomic shocks, especially for large institutions and facilities of vital importance.

Under the Federal Law "On the Security of the Critical Information Infrastructure of the Russian Federation", which came into force on 1 January 2018, and the "Digital Economy" program, objects such as information systems and networks constitute the critical information infrastructure of Russia. The main principle of security and resilience to cyber attacks is to take measures that prevent malicious intrusion.

The Federal Security Service is responsible for the country's information security system and for protecting the critical resources of the Russian Federation from cyber attacks and external influence. Information revealing the state of protection of Russia's critical information infrastructure from computer attacks, and the measures taken to ensure its security, is a state secret.

According to Russian Defense Minister Sergei Shoigu, major threats to cyber security are comparable to "weapons of mass destruction". In the interests of national defense the Russian Ministry of Defense carries out constant monitoring, information operations and countermeasures to protect the country's military infrastructure.

Computer intrusion into, and interference with, electronic networks can have a negative impact on the physical component. A cyber-physical system is a complex system of physical elements that receives data from its environment and uses them to further optimize management processes, and interference with the cyber-physical systems of critical infrastructure can affect the country's national security. Thus the introduction of "smart grid" energy supply, transport control systems, remote monitoring of patients' condition, medical equipment and automated control systems for industrial production may all have negative consequences if attacked.

In 2018 the State System for Detecting, Preventing and Eliminating the Consequences of Computer Attacks (GosSOPKA) recorded more than 4.3 billion computer impacts on Russia's critical information infrastructure. GosSOPKA is designed to ensure and monitor the security of critical information infrastructure in the Russian Federation and in diplomatic missions abroad. More than 17 thousand of these attacks were identified as the most dangerous.

Conclusion

The strategic priorities of Russia and many other countries are aimed at protecting critical infrastructure, which may face a number of threats, including cyber threats.

Given the widespread use of information technology (IT) in industry and the economy, the development of cyber security systems and approaches is a priority area that requires constant improvement, taking into account the constant emergence of new types of cyber threat. An important aspect of the solutions created is therefore keeping information on existing types of cyber threat up to date, along with information on their elimination, and maintaining the current level of cyber defense of internal infrastructure.

Cyber security plays a key role because internal information infrastructure holds a huge amount of structured and unstructured data, and defending these objects against cyber threats requires huge resources.

In conclusion, we note that the future of both national and global information security will depend on the extent to which states show willingness for constructive cooperation in solving pressing information security problems. Since the Internet does not recognize state borders, efforts to ensure its security must be international.

References

1. Annual Gathering of the Centre for Cybersecurity: Committed to Securing Our Shared Digital Future. Geneva, Switzerland, 26-27 November 2018.
2. Norton Cybercrime Report 2012. URL: https://securityaffairs.co/wordpress/8458/cyber-crime/2012-norton-cybercrime-report-a-worrying-scenario.html Accessed 25.02.2020.
3. Vagabulle A. (2019) Cyberattack!: A Nightmare Journey into the World of the Digital Unknown. Thalia NeoMedia, DG Editions les Funambulles. 156 p.
4. Commission of the European Communities (2006) Communication from the Commission on a European Programme for Critical Infrastructure Protection. URL: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2006:0786:FIN:EN:PDF Accessed 17.02.2020.
5. Roscini M. (2017) Military Objectives in Cyber Warfare. In: Taddeo M., Glorioso L. (eds) Ethics and Policies for Cyber Operations: a NATO Cooperative Cyber Defense Centre of Excellence Initiative, Philosophical Studies Series. Springer, Cham, pp. 99-114. URL: https://doi.org/10.1007/978-3-319-45300-2_7 Accessed 17.02.2020.
6. Maglaras L.A., Kim K., Janicke H. et al. (2018) Cyber security of critical infrastructures. ICT Express 4(1):42-45. URL: https://doi.org/10.1016/j.icte.2018.02.001 Accessed 27.02.2020.
7. Thompson M. (2016) Iranian Cyber Attack on New York Dam Shows Future of War // Time, March 26. URL: https://time.com/4270728/iran-cyber-attack-dam-fbi/ Accessed 17.02.2020.
8. Cyber Security in the Energy Sector: Recommendations for the European Commission on a European Strategic Framework and Potential Future Legislative Acts for the Energy Sector. EECSP Report, February 2017. URL: https://ec.europa.eu/energy/sites/ener/files/documents/eecsp_report_final.pdf Accessed 04.03.2020.
9. Franceschi-Bicchierai L., Coluccini R. (2019) Researchers Find Google Play Store Apps Were Actually Government Malware // Vice, March 29. URL: https://www.vice.com/en_us/article/43z93g/hackers-hid-android-malware-in-google-play-store-exodus-esur Accessed 21.02.2020.
10. Cornish P. (2009) Cyber Security and Politically, Socially and Religiously Motivated Cyber Attacks. Directorate-General for External Policies of the Union, Policy Department. Brussels: European Parliament. 34 p.
11. Shachtman N. (2010) Military's Cyber Commander Swears: "No Role" in Civilian Networks. The Brookings Institution, 23 September. URL: https://www.brookings.edu/opinions/militarys-cyber-commander-swears-no-role-in-civilian-networks/ Accessed 04.03.2020.