Impact of malicious use of Open-Source Intelligence on critical infrastructure business continuity

Expected Outcome: Project results are expected to contribute to some or all of the following outcomes: Critical infrastructure operators and authorities have improved awareness of Open-Source Intelligence (OSINT) and their potential impact on security of their operations; Toolbox for OSINT mapping, including enhanced analysis and risk flagging is developed and available to relevant stakeholders; Critical infrastructure operators and authorities have improved incident response, emergency plans and business continuity models; Removal of potentially harmful OSINT from the public domain in order to counter/prevent preparations and attempted attacks against critical entities, including the lone wolf and hybrid scenarios; Awareness campaigns and training curricula for critical entities’ employees are developed. Scope: The malicious use of Open-Source Intelligence (OSINT) is a known concern and technique used by offenders to retrieve personal, professional, and official or technical information about entities and their employees either to immediately plot illegal actions or use it to access more sensitive data with social engineering techniques like tailored data phishing. Although singular information may seem harmless, their critical mass coupled with reasoning and automated processing of large data blocks, could reveal critical vulnerabilities and possible attack vectors. This modus operandi is of special concern for critical infrastructure operators and authorities, as it can…