60 Handbook of SCADA/Control Systems
Threat types Internal
Natur <
Deliberate | "aur agen tousrecien sate scat. | con wero ne sev,
Santen toacerpoening | MOP dos)
Accidena | LOBerrese ig badin en witis | Keprmumteate eh
nil ote resening srl fvdng fre piotng
Deterioration | Erin raven wether gue Kee nee. seemuecu aio
Figure 4.4 Threat categories.
also affect the area surrounding the infrastructure, meaning that the ability to respond to
the event can be deteriorated significantly. Consider a serious storm—individuals needed
to respond to an event may not be able to reach the facility. This is also a concern for busi-
ness continuity planners who, from time to time, need to explain that plans may need to
remain at the employee's home where they can be accessed if the facility cannot be.
Deterioration, as a threat, can be deliberate (e.g, willful decision not to maintain an
infrastructure) or accidental (e,, inadequate or nonroutine inspection or maintenance)
The former case is a particular vulnerability where budget cycles and politics are linked—
the cost of the maintenance of the infrastructure may lead to deficits, which, in fiscally
restrained periods, are not politically acceptable. In the latter case, there will typically have
been a change in some aspects of the infrastructure; for example, in the case of a bridge, it
could be increased traffic, use of a new type of ice melter, different paving techniques or
materials, a different paint type, and so on. Figure 4.4 summarizes the threat types and
offers additional examples.
Analysis of threats
‘As noted earlier, analysis answers the question, "How bad is it?” Regardless of the threat
‘under analysis, one must consider the likelihood of a threat agent exploiting a vulnerability
to cause injury to an asset (risk), and the general impact of a successful attack. Threat assess-
‘ment takes it one step further, and answers the question, “How bad is it to us?” that is, the
results of applying threat analysis to the assets, processes, systems, and enterprises under
risk assessment. One method to conduct further threat analysis is described in the following.
Understanding that the threat is the act or condition that provides the vector or
path for injury to be caused to an asset, it is now useful to consider further the nature
of the threat agent. He or she can be described in terms of what they actually do to cause
the injury to the asset—such as a burglar committing a theft or an IT cracker breaching
the firewall of a corporate enterprise system. From the commission of the act, which has
a certain likelihood based on the COT discussed earlier, three important elements for
threat analysis emerge:
1. The threat itself in terms of the nature of the injury involved and resultant impacts
(such as theft leading to unauthorized disclosure or loss of assets)
2. The threat agent performing the actions that lead to the threat manifesting itself
(such as the burglar committing the act of theft)
@)@Secure_ICS