A vulnerability-driven cyber security maturity model for measuring national critical infrastructure protection preparedness

Critical infrastructures are vital assets for the public safety, economic welfare and national security of countries. Cyber systems are used extensively to monitor and control critical infrastructures. A number of infrastructures are connected to the Internet via corporate networks. Cyber security is, therefore, an important item of the national security agenda of a country. The intense interest in cyber security has initiated research focusing on national cyber security maturity assessments. However, little, if any, research is dedicated to maturity assessments of national critical infrastructure protection efforts. Instead, the vast majority of studies merely examine diverse national-level security best practices ranging from cyber crime response to privacy protection. This paper proposes a maturity model for measuring the readiness levels of national critical infrastructure protection efforts. The development of the model involves two steps. The first step analyzes data pertaining to national cyber security projects using grounded theory to extract the root causes of the susceptibility of critical infrastructures to cyber threats. The second step determines the maturity criteria by introducing the root causes to subject-matter experts polled in a Delphi survey. The resulting survey-based maturity model is applied to assess the critical infrastructure protection efforts in Turkey. The results are realistic and intuitively appealing, demonstrating that the maturity model is useful for evaluating the national critical infrastructure protection preparedness of developing countries such as Turkey

State of the Art in Privacy Preserving Data Mining

Privacy is one of the most important properties an information system must satisfy. A relatively new trend shows that classical access control techniques are not sufficient to guarantee privacy when Data Mining techniques are used. Such a trend, especially in the context of public databases, or in the context of sensible information related to critical infrastructures, represents, nowadays a not negligible thread. Privacy Preserving Data Mining (PPDM) algorithms have been recently introduced with the aim of modifying the database in such a way to prevent the discovery of sensible information. This is a very complex task and there exist in the scientific literature some different approaches to the problem. In this work we present a "Survey" of the current PPDM methodologies which seem promising for the future.JRC.G.6-Sensors, radar technologies and cybersecurit

Ethics and privacy issues of critical infrastructure protection – risks and possible solutions through standardization

Dieser Beitrag ist mit Zustimmung des Rechteinhabers aufgrund einer (DFG geförderten) Allianz- bzw. Nationallizenz frei zugänglich.This publication is with permission of the rights owner freely accessible due to an Alliance licence and a national licence (funded by the DFG, German Research Foundation) respectively.Recent studies propose a paradigm shift in standardization strategies and research and the use of ethical aspects as an additional factor to explain standardization success. This article goes one step further. It focuses on specific ethical and privacy standards and introduces privacy as a new dimension of the interplay between standards nd innovation in the fields of civil security and the protection of critical infrastructures. Based on a survey, it represents mainly German and European perspectives. The article finishes by giving recommendations for new privacy standards which may help to raise acceptance for several new security solutions

Convergence of Blockchain and Edge Computing for Secure and Scalable IIoT Critical Infrastructures in Industry 4.0

This is the author accepted manuscript. The final version is available from IEEE via the DOI in this recordCritical infrastructure systems are vital to underpin the functioning of a society and economy. Due to ever-increasing number of Internet-connected Internet-of-Things (IoTs) / Industrial IoT (IIoT), and high volume of data generated and collected, security and scalability are becoming burning concerns for critical infrastructures in industry 4.0. The blockchain technology is essentially a distributed and secure ledger that records all the transactions into a hierarchically expanding chain of blocks. Edge computing brings the cloud capabilities closer to the computation tasks. The convergence of blockchain and edge computing paradigms can overcome the existing security and scalability issues. In this paper, we first introduce the IoT/IIoT critical infrastructure in industry 4.0, and then we briefly present the blockchain and edge computing paradigms. After that, we show how the convergence of these two paradigms can enable secure and scalable critical infrastructures. Then, we provide a survey on state-of-the-art for security and privacy, and scalability of IoT/IIoT critical infrastructures. A list of potential research challenges and open issues in this area is also provided, which can be used as useful resources to guide future research.Engineering and Physical Sciences Research Council (EPSRC

Security Evaluation of Cyber-Physical Systems in Society- Critical Internet of Things

In this paper, we present evaluation of security awareness of developers and users of cyber-physical systems. Our study includes interviews, workshops, surveys and one practical evaluation. We conducted 15 interviews and conducted survey with 55 respondents coming primarily from industry. Furthermore, we performed practical evaluation of current state of practice for a society-critical application, a commercial vehicle, and reconfirmed our findings discussing an attack vector for an off-line societycritical facility. More work is necessary to increase usage of security strategies, available methods, processes and standards. The security information, currently often insufficient, should be provided in the user manuals of products and services to protect system users. We confirmed it lately when we conducted an additional survey of users, with users feeling as left out in their quest for own security and privacy. Finally, hardware-related security questions begin to come up on the agenda, with a general increase of interest and awareness of hardware contribution to the overall cyber-physical security. At the end of this paper we discuss possible countermeasures for dealing with threats in infrastructures, highlighting the role of authorities in this quest

Citizens and Institutions as Information Prosumers. The Case Study of Italian Municipalities on Twitter

The aim of this paper is to address changes in public communication following the advent of Internet social networking tools and the emerging web 2.0 technologies which are providing new ways of sharing information and knowledge. In particular public administrations are called upon to reinvent the governance of public affairs and to update the means for interacting with their communities. The paper develops an analysis of the distribution, diffusion and performance of the official profiles on Twitter adopted by the Italian municipalities (comuni) up to November 2013. It aims to identify the patterns of spatial distribution and the drivers of the diffusion of Twitter profiles; the performance of the profiles through an aggregated index, called the Twitter performance index (Twiperindex), which evaluates the profiles' activity with reference to the gravitational areas of the municipalities in order to enable comparisons of the activity of municipalities with different demographic sizes and functional roles. The results show that only a small portion of innovative municipalities have adopted Twitter to enhance e-participation and e-governance and that the drivers of the diffusion seem to be related either to past experiences and existing conditions (i.e. civic networks, digital infrastructures) developed over time or to strong local community awareness. The better performances are achieved mainly by small and medium-sized municipalities. Of course, the phenomenon is very new and fluid, therefore this analysis should be considered as a first step in ongoing research which aims to grasp the dynamics of these new means of public communication