Critical Infrastructure Security: CRS Experts

This report contains a table which provides access to names and contact information for CRS experts on policy concerns relating to critical infrastructure security. Policy areas identified include: mission; security services; and specific sectors: assessing vulnerabilities, planning and implementation

Water Critical Infrastructure Security and Its Dependencies

Water critical infrastructure is considered one of the most important CI on a global basis. Water CI has been consistently targeted across history since 3000 BC, with a significant increase in those attacks documented in the early 2010s. The aim of this paper is to review security and dependencies of water CI in relation to terrorism or adverse human intervention. In particular, the paper analyses water as a ‘soft’ target, and provides an insight into terrorist attack planning and perceived threat levels. Keywords: Water critical infrastructure; security; terrorist attack; dependency; water contaminatio

Dynetics: Company Fact Sheet

Dynetics provides responsive, cost-effective engineering, scientific, and IT solutions to the national security, cybersecurity, space, and critical infrastructure security sectors. We offer highly specialized technical services and a range of software and hardware products, including components, subsystems, and complex end-to-end systems

Behavioural Observation for Critical Infrastructure Security Support

Critical infrastructures include sectors such as energy resources, finance, food and water distribution, health, manufacturing and government services. In recent years, critical infrastructures have become increasingly dependent on ICT; more interconnected and are often, as a result, linked to the Internet. Consequently, this makes these systems more vulnerable and increases the threat of cyber-attack. In addition, the growing use of wireless networks means that infrastructures can be more susceptible to a direct digital attack than ever before. Traditionally, protecting against environmental threats was the main focus of critical infrastructure preservation. Now, however, with the emergence of cyber-attacks, the focus has changed and infrastructures are facing a different danger with potentially debilitating consequences. Current security techniques are struggling to keep up to date with the sheer volume of innovative and emerging attacks; therefore, considering fresh and adaptive solutions to existing computer security approaches is crucial. The research presented in this thesis, details the use of behavioural observation for critical infrastructure security support. Our observer system monitors an infrastructure’s behaviour and detects abnormalities, which are the result of a cyber-attack taking place. By observing subtle changes in system behaviours, an additional level of support for critical infrastructure security is provided through a plug-in device, which operates autonomously and has no negative impact on data flow. Behaviour is evaluated using mathematical classifications to assess the data and detect changes. The subsequent results achieved during the data classification process were high and successful. Our observer approach was able to accurately classify 98.138 % of the normal and abnormal system behaviours produced by a simulation of a critical infrastructure, using nine data classifiers

Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1)

In 2014 NATO’s Center of Excellence-Defence Against Terrorism (COE-DAT) launched the inaugural course on “Critical Infrastructure Protection Against Terrorist Attacks.” As this course garnered increased attendance and interest, the core lecturer team felt the need to update the course in critical infrastructure (CI) taking into account the shift from an emphasis on “protection” of CI assets to “security and resiliency.” What was lacking in the fields of academe, emergency management, and the industry practitioner community was a handbook that leveraged the collective subject matter expertise of the core lecturer team, a handbook that could serve to educate government leaders, state and private-sector owners and operators of critical infrastructure, academicians, and policymakers in NATO and partner countries. Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency is the culmination of such an effort, the first major collaborative research project under a Memorandum of Understanding between the US Army War College Strategic Studies Institute (SSI), and NATO COE-DAT. The research project began in October 2020 with a series of four workshops hosted by SSI. The draft chapters for the book were completed in late January 2022. Little did the research team envision the Russian invasion of Ukraine in February this year. The Russian occupation of the Zaporizhzhya nuclear power plant, successive missile attacks against Ukraine’s electric generation and distribution facilities, rail transport, and cyberattacks against almost every sector of the country’s critical infrastructure have been on world display. Russian use of its gas supplies as a means of economic warfare against Europe—designed to undermine NATO unity and support for Ukraine—is another timely example of why adversaries, nation-states, and terrorists alike target critical infrastructure. Hence, the need for public-private sector partnerships to secure that infrastructure and build the resiliency to sustain it when attacked. Ukraine also highlights the need for NATO allies to understand where vulnerabilities exist in host nation infrastructure that will undermine collective defense and give more urgency to redressing and mitigating those fissures.https://press.armywarcollege.edu/monographs/1951/thumbnail.jp

Delayed-Bang Approach Towards More Sustainable Critical Infrastructure Risk Management

This article describes the Delayed Bang Approach for determining the value of risk management alternatives in critical infrastructure security. The discussion includes (1) the need for sustainable risk management (2) the importance of time valuation in evaluating competing loss prevention and loss reduction alternatives, (3) the convergence of deterministic engineering economics, survivability analysis, and probabilistic analysis, and (4) hypothetical examples of the Delayed-Bang Approach and significance towards more sustainable risk management

Countering Terrorism on Tomorrow’s Battlefield: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 2)

Every day, malicious actors target emerging technologies and medical resilience or seek to wreak havoc in the wake of disasters brought on by climate change, energy insecurity, and supply-chain disruptions. Countering Terrorism on Tomorrow’s Battlefield is a handbook on how to strengthen critical infrastructure resilience in an era of emerging threats. The counterterrorism research produced for this volume is in alignment with NATO’s Warfighting Capstone Concept, which details how NATO Allies can transform and maintain their advantage despite new threats for the next two decades. The topics are rooted in NATO’s Seven Baseline requirements, which set the standard for enhancing resilience in every aspect of critical infrastructure and civil society. As terrorists hone their skills to operate lethal drones, use biometric data to target innocents, and take advantage of the chaos left by pandemics and natural disasters for nefarious purposes, NATO forces must be prepared to respond and prevent terrorist events before they happen. Big-data analytics provides potential for NATO states to receive early warning to prevent pandemics, cyberattacks, and kinetic attacks. NATO is perfecting drone operations through interoperability exercises, and space is being exploited by adversaries. Hypersonic weapons are actively being used on the battlefield, and satellites have been targeted to take down wind farms and control navigation. This handbook is a guide for the future, providing actionable information and recommendations to keep our democracies safe today and in the years to come.https://press.armywarcollege.edu/monographs/1953/thumbnail.jp

Behaviour analysis techniques for supporting critical infrastructure security

Protecting critical infrastructures from cyber-threats in an increasingly digital age is a matter of growing urgency for governments and private industries across the globe. In a climate where cyber-security is an uncertainty, fresh and adaptive solutions to existing computer security approaches are a must. In this paper, we present our approach to supporting critical infrastructure security. The use of our critical infrastructure simulation, developed using Siemens Tecnomatix Plant Simulator and the programming language SimTalk, is used to construct realistic data from a simulated nuclear power plant. The data collected from the simulation, when both functioning as normal and during a cyber-attack scenario, is done through the use of an observer pattern. By extracting features from the data collected, threats to the system are identified by modelling system behaviour and identifying changes in patterns of activity by using three data classification techniques

Appraising critical infrastructure systems with visualisation

This paper explores the use of system modelling as an approach for appraising critical infrastructure systems. It reports on focus group findings with relation to the system modelling aspects of a critical infrastructure security analysis and modelling framework. Specifically, this discussion focuses on the interpretations of a focus group in terms of the likely benefits or otherwise of system visualisation. With the group focusing on its perceived value as an educational tool in terms of providing an abstract visualisation representation of a critical infrastructure system incident.<br /