Software Vulnerability vs. Critical Infrastructure - a Case Study of Antivirus Software

During the last decade, the realisation of how vulnerable critical infrastructures are due to their interdependencies has hit home with more gravity than ever. The abundance of vulnerabilities in the software that is widely used in critical systems could have escalating consequences. In this paper, we used the PROTOS MATINE model to systematically examine the scope of software systems used in critical infrastructure. Dependency analysis methods indicated antivirus software as a critical subject to study, as its use is mandated and as it processes data from malicious sources. We determined that antivirus software is by nature susceptible to various risks and has exhibited significant vulnerability, but the issue is neither widely recognized nor reported. Awareness on the drawbacks of AV software should be spread among the planners of the critical infrastructures. Due to inherent risks, the suitability of antivirus software in critical systems should be reconsidered on a system-bysystem basis.