THREATS AND RISKS OF DIGITAL ECONOMY AT THE SECTORAL LEVEL

UDC 330.341

  • Kryshtanosau Vitaly Bronislavovich − PhD (Economics), post-doctoral student. Belarusian State Technological University (13a, Sverdlova str., 220006, Minsk, Republic of Belarus). E-mail: Krishtanosov@mail.ru

DOI: https://doi.org/10.52065/2520-6877-2022-256-1-28-52

Key words: digitalization, risks and threats, sectors and industries.

For citation: Kryshtanosau V. B. Threats and risks of digital economy at the sectoral level. Proceedings of BSTU, issue 5, Economics and Management, 2022, no. 1 (256), pр. 28–52 (In Russian). DOI: https://doi.org/10.52065/2520-6877-2022-256-1-28-52.

Abstract

There were identified the main approaches to the risk assessment associated with the introduction of modern digital technologies, including general technological components (IOT, BDA, AI, Blockchain, Cloud) and business operating (production) systems at the level of certain sectors and the branches. There were highlighted the most vulnerable industrial systems from the point of view of cyber threats, the risks of hacking of which can potentially apply the maximum damage to enterprises. It has been substantiated the reasonable interconnections in digitized environments of two relevant main networks: information and industrial (in industry, energy, agricultural and communal farms, telecommunications, logistics, financial sector, trade), which manifests the increase in the surface of the attack and more opportunities to distribute them. There have been made the empirical assessments of risks and threats in the main types of cyberatak on CIA methodology. There have been identified the most common cyber threats in the dynamics of their spread.

Download

References

  1. The 5G business potential. Ericsson. Stockholm, Ericsson AB., 2017. 10 р. Available at: https://www.terminsstarttelekom.se/upload/termin/pdf/pres475.pdf (accessed 10.02.2019).
  2. Moin S., Karim A., Safdar Z., Safdar K., Ahmed E., Imran M. Securing IoTs in distributed Blockchain: Analysis, requirements and open issues. Future Generation Computer Systems, 2019, no. 100, рр. 32549–343. Available at: https://doi.org/10.1016/j.future.2019.05.023 (accessed 14.03.2019).
  3. Singh S., Jeong Y.-S., Park J. A Survey on Cloud Computing Security: Issues, Threats, and Solutions. Journal of Network and Computer Applications, 2016, no. 75, pp. 200–222. DOI: 10.1016/j.jnca.2016.09.002.
  4. GAO. Internet of Things. Enhanced assessments and guidance are needed to address security risks. DOD United States Government Accountability Office Report to Congressional Committees. GAO-17-668. July 2017. Available at: https://www.gao.gov/assets/690/686203.pdf (accessed 17.08.2020).
  5. Kumar N., Mallick P. Blockchain technology for security issues and challenges in IoT. International Conference on Computational Intelligence and Data Science (ICCIDS 2018). Procedia Computer Science, 2018, no. 132, рр. 1815–1823. DOI: 10.1016/j.procs.2018.05.140.
  6. Chatfield A., Reddick C. A framework for Internet of Things-enabled smart government: A case of IoT cybersecurity policies and use cases in U.S. federal government. Government Information Quarterly, 2018, no. 36 (2), p. 12. DOI: 10.1016/j.giq.2018.09.007.
  7. Atlam H., Wills G. Intersections between loT and distributed ledger. Advances in Computers, 2019, vol. 115, рр. 74–113. DOI: 10.1016/bs.adcom.2018.12.001.
  8. Mylrea M. Smart energy-internet-of-things opportunities require smart treatment of legal, privacy and cybersecurity challenges. Journal of World Energy Law and Business, 2017, no. 10 (2), рр. 147–158.
  9. Tweneboah-Koduah S., Skouby K., Tadayoni R. Cybersecurity threats to IoT applications and service domains. Wireless Personal Communications, 2017, no. 95 (1), рр. 169–185.
  10. Zeadally S., Das A., Sklavos N. Cryptographic technologies and protocol standards for internet of things. Internet of Things, 2021, no. 14, р. 11. DOI: 10.1016/j.iot.2019.100075.
  11. Hasan M., Islam M., Zarif I., Hashem M. Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches. Internet of Things, 2019, no. 7, p. 14. DOI: 10.1016/j.iot.2019.100059.
  12. Pour M., Bou-Harb E., Varma K., Neshenko N., Pados D., Choo K.-K. Comprehending the IoT cyber threat landscape: A data dimensionality reduction technique to infer and characterize Internet-scale IoT probing campaigns. Digital Investigation, 2019, no. 28, рр. 40‒49. DOI: 10.1016/j.diin.2019.01.014.
  13. Al-Qaseemi S., Almulhim H., Almulhim M., Chaudhry S. IoT architecture challenges and issues: Lack of standardization. Proceedings of FTC 2016 – Future technologies conference 2016. United States, San Francisco, 2016, рр. 731–738.
  14. Hogan M., Piccarreta B. NIST interagency report (NISTIR) 8200, interagency report on status of international cybersecurity standardization for the Internet of Things (IoT). Available at: https://csrc.nist.gov/publications/detail/nistir/8200/draft (accessed 20.02.2022).
  15. Minoli D., Occhiogrosso B. Blockchain mechanisms for IoT security. Internet of Things, 2018, no. 47-2, рр. 1–13. DOI: 10.1016/j.iot.2018.05.002.
  16. Tumpe M., Jagdev B. Investigating Security Issues in Cloud Computing. Complex, Intelligent and Software Intensive Systems (CISIS): Eighth International Conference IEEE. Birmingham, 2014, рр. 141–146.
  17. Khan W., Ahmed E., Hakak S., Yaqoob I., Ahmed A. Edge computing: A survey. Future Generation Computer Systems, 2019, no. 97, рр. 219–235. DOI: 10.1016/j.future.2019.02.050 0167-739X.
  18. Burger O., Hackel B., Karnebogen P., Toppel J. Estimating the impact of IT security incidents in digitized production environments. Decision Support Systems, 2019, no. 127 (10), p. 11. DOI: 10.1016/j.dss.2019.113144.
  19. Asghar M., Hu Q., Zeadally S. Cybersecurity in industrial control systems: Issues, technologies, and challenges. Computer Networks, 2019, no. 165, p. 16. DOI: 10.1016/j.comnet.2019.106946.
  20. Sorini A., Staroswiecki E. Cybersecurity for the smart grid. The Power Grid: Smart, Secure, Green and Reliable; edited by B. D’Andrade. Elsevier, 2017, pp. 233–252. DOI: 10.1016/B978-0-12-805321-8.00008-2.
  21. Yin L., Gao Q., Zhao L., Zhang B., Wang T., Li S., Liu H. A review of machine learning for new generation smart dispatch in power systems. Engineering Applications of Artificial Intelligence, 2020, no. 88, p. 12. DOI: 10.1016/j.engappai.2019.103372.
  22. Thakur K., Ali M., Jiang N., Qiu M. Impact of Cyber-Attacks on Critical Infrastructure. IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), High Performance and Smart Computing (HPSC) and Intelligent Data and Security (IDS). New York, 2016. DOI: 10.1109/BigDataSecurity-HPSC-IDS.2016.22.
  23. Kimani K., Oduol V., Langat K. Cyber Security Challenges for IoT-based Smart Grid Networks. International Journal of Critical Infrastructure Protection, 2019, no. 25, p. 18. DOI: 10.10167j.ijcip.2019.01.001.
  24. Tariq N., Asim M., Khan F. Securing SCADA-based Critical Infrastructures: Challenges and Open Issues. Procedia Computer Science, 2019, no. 155, pp. 612–617. DOI: 10.1016/j.procs.2019.08.086.
  25. Lam P., Ma R. Potential pitfalls in the development of smart cities and mitigation measures: An exploratory study. Cities, 2018, no. 91, pp. 146‒156. DOI: 10.1016/j.cities.2018.11.014.
  26. Townsend A. Smart cities: Big data, civic hackers, and the quest for a new utopia. New York, WW Norton & Company, 2013. 400 p.
  27. Doku R., Rawat D. Big Data in Cybersecurity for Smart City Applications. Smart Cities Cybersecurity and Privacy; edited by D. Rawat. 2019, pp. 103–112. DOI: 10.1016/B978-0-12-815032-0.00008-1.
  28. Ali M., Azad M., Centeno M., Hao F., van Moorsel A. Consumer-facing technology fraud: Economics, attack methods and q potential solutions. Future Generation Computer Systems, 2019, no. 100, рр. 408–427. DOI: 10.1016/j.future.2019.03.041.
  29. Nian L., Lee D., Chuen K. Introduction to Bitcoin. Handbook of Digital Currency: Bitcoin, Innovation, Financial Instruments, and Big Data; edited by D. Lee. Elsevier, 2015, pp. 6–30.
  30. Cryptocurrency anti-money laundering report. 2019. Available at: https://ciphertrace.com/q4-2019-cryptocurrency-anti-money-laundering-report/ (accessed 25.07.2020).
  31. Falliere N., Murchu L., Chien E. W32.stuxnet. dossier. Available at: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf (accessed 20.02.2021).
  32. Chen K. Information asymmetry in initial coin offerings (ICOs): Investigating the effects of multiple channel signals. Electronic Commerce Research and Applications, 2019, vol. 36 (4), p. 11. DOI: 10.1016/j.elerap.2019.100858.
  33. The number of crimes related to cryptocurrencies has decreased by 57%. Available at: https://coinspot.io/analysis/chislo-prestuplenij-svyazannyh-s-kriptovalyutami-snizilos-na-57/ (accessed 18.08.2021) (In Russian).
  34. Crypto Crime Report 2021. Available at: https://go.chainalysis.com/2021-Crypto-CrimeReport.html (accessed 03.04.2021).
  35. Gezer A., Warner G., Wilson C., Shrestha P. A flow-based approach for Trickbot banking trojan detection. Computers & Security, 2019, no. 84, рр. 179–192.
  36. Szopinski T. Factors affecting the adoption of online banking in Poland. Journal of Business Research, 2016, no. 69 (11), pp. 4763‒4768. DOI: 10.1016/j.jbusres.2016.04.027.
  37. Lopez P., Martin H. Hardware Trojans against virtual keyboards on e-banking platforms – A proof of concept. AEU-International Journal of Electronics and Communications, 2017, no. 76, рр. 146–151. DOI: 10.1016/j.aeue.2017.04.003.
  38. The Global Risks Report, 2022. Available at: https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2022.pdf (accessed 19.01.2022).
  39. Cyber Threats for Financial Organizations in 2021. Report of Kaspersky Lab. Available at: https://securelist.ru/cyberthreats-to-financial-organizations-in-2021/99420/ (accessed 08.08.2022) (In Russian).
  40. Scammers have no mercy to bank customers. Kommersant” [Kommersant], 2021, 9 July. Available at: https://www.kommersant.ru/doc/4897743?tg (accessed 10.08.2021) (In Russian).
  41. Buylov M., Dement’eva K., Stepanova Yu. The Internet of Things came for money. Russian banks reflected the largest DDoS attack. Kommersant” [Kommersant], 2021, 3 September, р. 7 (In Russian).
  42. Reporting review on information security incidents when transferring funds. Available at: https://www.cbr.ru/analytics/ib/review_2q_2021/ (accessed 08.10.2021) (In Russian).
  43. Eder-Neuhauser P., Zseby T., Fabini J., Vormayr G. Cyber attack models for smart grid environments. Sustainable Energy, Grids and Networks, 2017, 22 р. Available at: http://dx.doi.org/10.1016/j.segan.2017.08.002 (accessed 04.12.2019).
  44. Bhardwaj A., Avasthi V., Goundar S. Cyber security attacks on robotic platforms. Network Security, 2019, October, рр. 13–19. DOI: 10.1016/S1353-4858(19)30122-9.
  45. Papakostas N., Newell A., Hargaden V. A novel paradigm for managing the product development process utilising blockchain technology principles. CIRP Annals – Manufacturing Technology, 2019, no. 68, рр. 137–140.
  46. Simon J., Omar A. Cybersecurity investments in the supply chain: Coordination and a strategic attacker. European Journal of Operational Research, 2020, vol. 282 (1), pp. 161–171. DOI: 10.1016/j.ejor.2019.09.017.
  47. Ferrag M., Ahmim A. Security Solutions and Applied Cryptography in Smart Grid Communications. Hershey, PA. IGI Global, 2016. 464 p. DOI: 10.4018/978-1-5225-1829-7.
  48. Li X., Liang X., Lu R., Shen X., Lin X., Zhu H. Securing Smart Grid: Cyber Attacks, Countermeasures, and Challenges. IEEE Communications Magazine, 2012, vol. 50, no. 8, рр. 38–45. DOI: 10.1109/MCOM.2012.6257525.
  49. Kitchin R. Getting Smarter About Smart Cities: Improving Data Privacy and Data Security. Dublin, Ireland, Data Protection Unit, Department of the Taoiseach, 2016. 82 p.
  50. McClure S., Scambray J., Kurtz G. Hacking exposed: Network security secrets and solutions. Berkeley, California, Osborne/McGraw-Hill, 2001. 703 p. Available at: https://theswissbay.ch/pdf/Gentoomen%20Library/Security/Hacking%20Exposed-Network%20Security%20-%20Secrets%20%26%20Solutions%2C%202nd%20Ed.pdf (accessed 23.02.2020).
  51. Bailey T., Maruyama A., Wallance D. The energy-sector threat: How to address cybersecurity vulnerabilities. McKinsey Report, 2020, November, p. 12. Available at: https://www.mckinsey.com/~/media/mckinsey/business%20functions/risk/our%20insights/the%20energy%20sector%20threat%20how%20to%20address%20cybersecurity%20vulnerabilities/the-energy-sector-threat-how-to-address-cybersecurityvulnerabilities-f.pdf?shouldIndex=false (accessed 11.12.2020).
  52. On approval of a list of security threats that are relevant in the processing of biometric personal data, their verification and transmission of information on the degree of compliance with the physical biometric personal information provided by the biometric personal data in the information systems of organizations carrying out identification and / or authentication with the use of biometric personal data of physical persons, with the exception of a unified information system for personal data, including the collection and storage of biometric personal data, their verification and transmission of information about the degree of their compliance with the
    physical person provided by biometric personal data, as well as relevant in the interaction of state bodies, local
    governments, individual entrepreneurs, notaries and organizations, with the exception of the organizations of the financial market, with the indicated information systems, taking into account the assessment of possible harm conducted in accordance with the laws of the Russian Federation of personal data, and taking into account the type of accreditation of an organization among the organizations referred to in parts of 18.28 and 18.31 of Article 14.1 of the Federal Law of July 27, 2006 No. 149-FZ “On information, information technologies and information protection”: Order of the Ministry of digital development, communications and mass communications of the Russian Federation of 01.09.2021 No. 902. Official Internet portal of legal information. Available at: http://publication.pravo.gov.ru/File/GetFile/0001202111030007?type=pdf (accessed 07.01.2022) (In Russian).
  53. Mahdavifar S., Ghorbani A. Application of deep learning to cybersecurity: A survey. Neurocomputing, 2019, no. 347, рр. 149–176. Available at: https://doi.org/10.1016/j.neucom.2019.02.0560925-2312 (accessed 05.11.2020).
  54. Maestre V. Swarm and Evolutionary Computation. 2017. 15 p. Available at: http://dx.doi.org/10.1016Zj.swevo.2017.07.002 (accessed 25.03.2019).
  55. Tirole J. Economics for the Common Good. Princeton University Press, 2017. 576 p. Available at: https://gdsnet.org/Tirole2019FrontMatterChapt1.pdf (accessed 04.12.2018).
  56. Wang E., Liang Z., Chen C.-M., Kumari S., Khan M. PoRX: A reputation incentive scheme for blockchain consensus of IioT. Future Generation Computer Systems, 2020, no. 102, pp. 140‒151. DOI: 10.1016/j.future.2019.08.005.
  57. Heritage I. Protecting Industry 4.0: challenges and solutions as IT, OT and IP converge. Network Security, 2019, October, pp. 6‒9. DOI: 10.1016/S1353-4858(19)30120-5.
  58. Mansfield-Devine S. Nation-state hacking threat to everyone. Computer Fraud & Security, 2018, August, pp. 17‒20. DOI:10.1016/S1361-3723(18)30077-0.
  59. Communications Fraud Control Association (CFCA). Announces Results of Worldwide Telecom Fraud Survey. 2016. Available at: https://goo.gl/H1VLae (accessed 14.02.2019).
  60. Kessem L., Widens T. Its attack scope in Spain, Brings redirection attacks to local banks. July 19, 2017. Available at: https://securityintelligence.com/TrickBot-habla-espanol-trojan-widens-its-attack-scopein-spain-brings-redirection-attacks-to-local-banks (accessed 07.12.2018).
  61. Khattak S., Ramay N., Khan K., Syed A., Khayam S. A taxonomy of botnet behavior, detection, and defense. IEEE Communications Surveys & Tutorials, 2014, vol. 16 (2), pp. 898–924.
  62. Yan T., Schulte P., Lee D., Chuen K. InsurTech and FinTech: Banking and Insurance Enablement. Handbook of Blockchain, Digital Finance, and Inclusion, 2018, vol. 1, pp. 249–281. DOI: 10.1016/B978-0-12-810441-5.00011-7.
  63. Sturm L., Williams C., Camelio J., White J., Parker R. Cyber-physical Vulnerabilities in Additive Manufacturing Systems: A Case Study Attack on the STL file with human subjects. Journal of Manufacturing Systems, 2017, no. 44, pp. 154–164.
  64. Stark M., Kind S., Neumeyer S. Innovations in Digital Modelling for Next Generation Manufacturing System Design. CIRP Annals Manufacturing Technology, 2017, no. 66 (1), pp. 169–172.
  65. Lee R., Assante M., Conway T. Analysis of the Cyber Attack on the Ukrainian Power Grid. 2016. Available at: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2016/05/20081514/EISAC_SANS_Ukraine_DUC_5.pdf (accessed 07.11.2017).
  66. Sharma S., Kaushik B. A survey on internet of vehicles: Applications, security issues & solutions. Vehicular Communications, 2019, September, pp. 1–44.
  67. Manvi S., Tangade S. A survey on authentication schemes in VANETs for secured communication. Vehicular Communications, 2017, no. 9, pp. 19–30.
28.02.2022