About the Journal
About the Journal
Editorial Board
Scientific Council
Reviewers
Ethical Code
Special Issue
Terms of the journal
GDRP - information on the processing of personal data
Indexing
Licenses & Access
Archive
For Authors
Publishing Policy
Technical instruction for the authors
Agreement CC BY-SA
Copyright statement
Review procedure
The procedure of reviewing
Reviewer's form
List of reviewers
Contact
About the Journal
About the Journal
Editorial Board
Scientific Council
Reviewers
Ethical Code
Special Issue
Terms of the journal
GDRP - information on the processing of personal data
Indexing
Licenses & Access
Incident risk reduction based on risk analysis in the operational cyberspace of the fire brigade. Cybersecurity perspective.
1
The Main School of Fire Service in Warsaw
2
Szkoła Główna Służby Pożarniczej
Submission date: 2022-11-14
Final revision date: 2023-02-12
Acceptance date: 2023-02-22
Publication date: 2023-04-29
JoMS 2023;50(1):445-465
KEYWORDS
TOPICS
ABSTRACT
Objectives:
The purpose of the study was to analyze past cyber attacks on fire department operational systems and to assess the risks of a cyber incident.
Material and methods:
Analysis of data from open sources and bicriteria analysis of studies in scientific databases were used. A graphical method for assessing the level of risk using a two-dimensional matrix was also used.
Results:
The highest risk level of 15 was recorded for phishing attacks in Confidentiality and Availability of data, followed by ransomware attacks in the same area. In the area of drone events in firefighting operations, the highest risk level of 6 was recorded for GPS Spoofing attacks during a mass event in terms of data availability (Availability).
Conclusions:
To date, fire department cyber incidents have not affected business continuity. However, in the event of a mass or hybrid incident, the occurrence of an incident in operational systems, can significantly reduce operational capacity and thus affect life-saving operations.
The purpose of the study was to analyze past cyber attacks on fire department operational systems and to assess the risks of a cyber incident.
Material and methods:
Analysis of data from open sources and bicriteria analysis of studies in scientific databases were used. A graphical method for assessing the level of risk using a two-dimensional matrix was also used.
Results:
The highest risk level of 15 was recorded for phishing attacks in Confidentiality and Availability of data, followed by ransomware attacks in the same area. In the area of drone events in firefighting operations, the highest risk level of 6 was recorded for GPS Spoofing attacks during a mass event in terms of data availability (Availability).
Conclusions:
To date, fire department cyber incidents have not affected business continuity. However, in the event of a mass or hybrid incident, the occurrence of an incident in operational systems, can significantly reduce operational capacity and thus affect life-saving operations.
REFERENCES (34)
1.
Arampatzis, A. (2022). Bezpieczeństwo cybernetyczne a drony: Jak radzić sobie z zagrożeniami dla bezpieczeństwa,https://sklep.pf-electronic.pl..., (dostęp: 27.10.2022).
2.
Bischoff, P. (2022). Ransomware attacks on US government organizations cost over $70bn from 2018 to October 2022,https://www.comparitech.com/bl..., (dostęp: 23.10.2022).
3.
Blischoff, P. (2021). The State of Phishing in the US: Report and Statistics 2021,https://www.comparitech.com/bl..., (dostęp: 23.10.2022).
4.
Brooks, Ch.J., Grow, Ch., Craig, P. Short D. (2018). Cybersecurity Essentials, Sybex.
5.
Chevreaux, J. Owen, P. Donaldson, K. Bright, K. Largen, A. Meiselman, D. Kirsanova, K. Borinski, M. Uribe, A. (2021). Cybersecurity for Fire Protection Systems. Final Report. Fire Protection Research Foundation, Quincy (MA, USA).
6.
Chevreaux, J., Owen, P., Donaldson, K., Bright, K., Largen, A., Meiselman, D., Kirsanova, K., Borinski, M., Uribe, A. (2021). Cybersecurity for Fire Protection Systems. NFPA, https://www.nfpa.org/-/media/F..., (dostęp: 23.10.2022).
7.
Cooper, H. Government agencies are conducting more and more services online, but they are struggling to stay ahead of hackers trying to steal valuable personal information. w: Protecting against cyberattacks: a guide for public safety leaders, https://www.iafc.org/docs/defa..., (dostęp: 14.10.2022).
8.
Dupuy, A., Nussbaum, D., Butrimas, V., Granitsas, A., Bezpieczeństwo energetyczne w czasach wojny hybrydowej, https://www.nato.int/docu/revi..., (dostęp: 14.10.2022).
11.
Federal Bureau of Investigation, Internet Crime Report. (2021). https://www.ic3.gov/Media/PDF/..., (dostęp: 16.10.2022).
12.
Feltynowski, M. (red.). (2019). Wykorzystanie bezzałogowych platform powietrznych w operacjach na rzecz bezpieczeństwa publicznego. Józefów: Wyd. CNBOP-PIB.
13.
Garbe, W. (2018). Ransomware Attacks Against Riverside, Ohio, Worse than Initially Thought, https://www.govtech.com/securi..., (dostęp: 16.10.2022).
14.
Global Risk Management Survey. (2021). AON, Cover – 2021 Global Risk Management Survey (aon.com), (dostęp: 29.10.2022).
15.
Kosik, J. What Fire Departments Can Do to Combat Ransomware, https://www.firehouse.com/tech..., (dostęp: 16.10.2022).
16.
Liwo, M.A. (2020). Państwowa Straż Pożarna jako jeden z zasadniczych podmiotów publicznych w sprawach zapewnienia określonego rodzaju bezpieczeństwa i porządku. Przegląd Prawa Publicznego, (11), 105–132.
17.
Maia, E., Praça, I., Mantzana, V., Gkotsis, I., Petrucci, P., Biasin, E., Kamenjasevic, E., Lammari, N. W: Soldatos, J., Philpot, J., Giunta, G. (red.). (2020). Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures, Boston-Delft, http://dx.doi.org/10.1561/9781..., (dostęp: 10.10.2022); zob. także: Cyberbezpieczeństwo w ochronie zdrowia 2022 – raport.
18.
Malenkovich, S. (2019). Czy można zabezpieczyć się przed fałszowaniem sygnału GPS. Kaspersky Daily, https://plblog.kaspersky.com/g..., (dostęp: 24.10.2022).
22.
Navigation Center United States Coast Guard U.S. Department of Homeland Security. (2022).GPS Problem Report Status, https://www.navcen.uscg.gov/gp..., (dostęp: 27.10.2022).
23.
Nowakowski, M. (2019). Nowe wytyczne EBA w sprawie zarządzania ryzykami IT oraz bezpieczeństwa. Cz. 1. Definicja, strategia i strony trzecie. Bankowość PSD2, https://finregtech.pl/2019/12/....
24.
Rector, K. Baltimore Officials: 911 System Was Hacked, https://www.firehouse.com/tech...-, (dostęp: 17.10.2022).
25.
Rządowe Centrum Bezpieczeństwa. (2021). Narodowy Program Ochrony Infrastruktury Krytycznej (Załącznik 1), Standardy służące zapewnieniu sprawnego funkcjonowania infrastruktury krytycznej – dobre praktyki i rekomendacje. Warszawa.
26.
Terrorism and Homeland Security Committee IAFC External. Protecting against cyberattacks: a guide for public safety leaders, https://www.iafc.org/docs/defa..., (dostęp: 19.10.2022).
27.
The Island Packet. Hacker Holds SC Fire Department Hostage amid Pandemic, https://www.firehouse.com/tech..., (dostęp: 17.10.2022).
28.
Ustawa z dnia 18 lipca 2002 r. o świadczeniu usług drogą elektroniczną. Dz. U. 2002 Nr. 144 poz. 1204.
29.
Ustawa z dnia 24 sierpnia 1991 r. o Państwowej Straży Pożarnej art. 1. Dz. U. 1991 Nr 88 poz. 400.
30.
Yaacoub, J.P., Noura, H., Salman, O., Chehab, A. (2020). Security analysis of drones systems: Attacks, limitations, and recommendations, Internet of Things, Vol. 11.https://www.sciencedirect.com/..., (dostęp: 27.10.2022).
31.
Yasar, Kinza. (2021). What is GPS Spoofing? How to Guard Against GPS Attacks, https://www.makeuseof.com/what..., (dostęp: 29.10.2022).
32.
Whitman, M. E., &Mattord, H. J. (2014). Management of information security (4th ed.). Stanford, CT: Cengage Learning.
33.
Zegarow, P. (2019). Dlaczego wierzymy w dezinformację, analiza mechanizmów psychologicznych. W: NASK, Zjawisko dezinformacji w dobie rewolucji cyfrowej,https://cyberpolicy.nask.pl/15..., (dostęp: 23.10.2022).
34.
Zwęgliński, T., Smolarkiewicz, M., Gromek, P. (2020). Efekt kaskadowy współczesnym wyzwaniem zarządzania kryzysowego. Warszawa: SGSP.
Share
RELATED ARTICLE
| eISSN: | 2391-789X |
| ISSN: | 1734-2031 |
We process personal data collected when visiting the website. The function of obtaining information about users and their behavior is carried out by voluntarily entered information in forms and saving cookies in end devices. Data, including cookies, are used to provide services, improve the user experience and to analyze the traffic in accordance with the Privacy policy. Data are also collected and processed by Google Analytics tool (more).
You can change cookies settings in your browser. Restricted use of cookies in the browser configuration may affect some functionalities of the website.
You can change cookies settings in your browser. Restricted use of cookies in the browser configuration may affect some functionalities of the website.
