60 Handbook of SCADA/Control Systems Threat types Internal Natur < Deliberate | "aur agen tousrecien sate scat. | con wero ne sev, Santen toacerpoening | MOP dos) Accidena | LOBerrese ig badin en witis | Keprmumteate eh nil ote resening srl fvdng fre piotng Deterioration | Erin raven wether gue Kee nee. seemuecu aio Figure 4.4 Threat categories. also affect the area surrounding the infrastructure, meaning that the ability to respond to the event can be deteriorated significantly. Consider a serious storm—individuals needed to respond to an event may not be able to reach the facility. This is also a concern for busi- ness continuity planners who, from time to time, need to explain that plans may need to remain at the employee's home where they can be accessed if the facility cannot be. Deterioration, as a threat, can be deliberate (e.g, willful decision not to maintain an infrastructure) or accidental (e,, inadequate or nonroutine inspection or maintenance) The former case is a particular vulnerability where budget cycles and politics are linked— the cost of the maintenance of the infrastructure may lead to deficits, which, in fiscally restrained periods, are not politically acceptable. In the latter case, there will typically have been a change in some aspects of the infrastructure; for example, in the case of a bridge, it could be increased traffic, use of a new type of ice melter, different paving techniques or materials, a different paint type, and so on. Figure 4.4 summarizes the threat types and offers additional examples. Analysis of threats ‘As noted earlier, analysis answers the question, "How bad is it?” Regardless of the threat ‘under analysis, one must consider the likelihood of a threat agent exploiting a vulnerability to cause injury to an asset (risk), and the general impact of a successful attack. Threat assess- ‘ment takes it one step further, and answers the question, “How bad is it to us?” that is, the results of applying threat analysis to the assets, processes, systems, and enterprises under risk assessment. One method to conduct further threat analysis is described in the following. Understanding that the threat is the act or condition that provides the vector or path for injury to be caused to an asset, it is now useful to consider further the nature of the threat agent. He or she can be described in terms of what they actually do to cause the injury to the asset—such as a burglar committing a theft or an IT cracker breaching the firewall of a corporate enterprise system. From the commission of the act, which has a certain likelihood based on the COT discussed earlier, three important elements for threat analysis emerge: 1. The threat itself in terms of the nature of the injury involved and resultant impacts (such as theft leading to unauthorized disclosure or loss of assets) 2. The threat agent performing the actions that lead to the threat manifesting itself (such as the burglar committing the act of theft) @)@Secure_ICS