Risk Assessment for Critical Infrastructure: A Novel Approach using
OSINT Framework
Abstract
Critical infrastructures account for a significant portion of our modern
societies, underpinning the stability of our economies and societies.
Among these, the electricity grid takes a special place due to the
criticality of this industry and the potential impact of its failure.
However, due to the nature of modern threats, including cyber attacks,
this sector needs innovative approaches to threat identification and
elimination. Our research focuses on the utilization of Open Source
Intelligence technologies to protect critical infrastructures. This
study also discusses how Critical Infrastructures are vulnerable and
exposed to malicious attacks by discussing several significant cyber
attacks on critical infrastructure (CI) in the last decade. This
research is based on a framework developed for the current study,
arguing that OSINT tools can analyze the landscape in this industry and
how it can be used to mitigate potential risks. Targeting a company that
supplies electricity to Istanbul, we have extracted key information like
IPs, email addresses, open ports, services, etc, under a single
platform, which is an entry point for malicious activity to attack in a
sophisticated way. To the best of our knowledge, this is the first
framework developed utilizing OSINT tools and creating an integration of
OSINT tools to identify potential risks for energy sectors.