A Model for identifying vulnerabilities on critical infrastructures: case of cyber threats in Kenya

Abstract

With advancement in technology, industry-focused technological systems have over time faced the challenge of attacks given their vulnerabilities resulting in denial of services and catastrophic operations for countries. This study focused at analysing the risk exposure on Kenya’s Critical Information Infrastructure (CII). A model for identifying the vulnerabilities that critical infrastructures are exposed to by detecting anomalies in the set thresholds was developed. This study adopted the vulnerability system development lifecycle to develop the model. The model was developed following the Rapid Assessment Methodology and used the Common Vulnerability Scoring System (CVSS) to measure the severity of potential vulnerabilities against critical infrastructure. This allowed the model to prioritize responses and resources to remediate against the vulnerability identified. The study found that vulnerabilities pose a security threat on systems that are deemed critical and as such recommends that organisations should invest on vulnerability assessment tools. These will help them detect, remediate and monitor and evaluate vulnerabilities on CIIs.