A Model for identifying vulnerabilities on critical infrastructures: case of cyber threats in Kenya
Abstract
With advancement in technology, industry-focused technological systems have over time faced
the challenge of attacks given their vulnerabilities resulting in denial of services and catastrophic
operations for countries. This study focused at analysing the risk exposure on Kenya’s Critical
Information Infrastructure (CII). A model for identifying the vulnerabilities that critical
infrastructures are exposed to by detecting anomalies in the set thresholds was developed. This
study adopted the vulnerability system development lifecycle to develop the model. The model
was developed following the Rapid Assessment Methodology and used the Common Vulnerability
Scoring System (CVSS) to measure the severity of potential vulnerabilities against critical
infrastructure. This allowed the model to prioritize responses and resources to remediate against
the vulnerability identified. The study found that vulnerabilities pose a security threat on systems
that are deemed critical and as such recommends that organisations should invest on vulnerability
assessment tools. These will help them detect, remediate and monitor and evaluate vulnerabilities
on CIIs.