Targeting Reputation: A New Vector for Attacks to Critical Infrastructures

A substantial portion of critical information infrastructures in advanced economies comprises for mer public utilities, which in the 1980s/90s were fully or partially privatized, a change justified mainly on economic efficiency grounds. This entailed that these utility companies had to compete in the free market , thus being exposed to the same risks opportunities as private companies. Much like businesses in other industrial sectors , utility companies have increasingly joined social media over the last decade as ‘digital’ visibility through social networking platforms such as Facebook, Twitter, and I nstagram has become fundamental. The new privatized utilities have rel ied on marketing and ad campaigns to promote their business and generate revenues. Trust and reputation for companies are primary resources to attract new customers and/or keep old one s, especially for companies with a wide customer base. Trust and reputat ion are difficult assets to preserve on social media, as they can be subject to negative attacks, including fake campaigns. This paper is a probe that explores a potential attack vector to critical infrastructures via weakening customer and investor trust in the now private) utilities by blemishing CII utilities’ reputation on social media. More specifically, the paper considers the possibility of attacks that have the potential to und ermine the stability and reliability of critical infrastructures and advances a preliminary justification of why that may happen . We do this by looking at cases in which negative social media campaigns with fake content have been successfully implemented via digital tools.