Hosting critical infrastructure services in the cloud environment considerations

Critical infrastructure technology vendors will inevitability take advantage of the benefits offered by the cloud computing paradigm. While this may offer improved performance and scalability, the associated security threats impede this progression. Hosting critical infrastructure services in the cloud environment may seem inane to some, but currently remote access to the control system over the internet is commonplace. This shares the same characteristics as cloud computing, i.e., on-demand access and resource pooling. There is a wealth of data used within critical infrastructure. There needs to be an assurance that the confidentiality, integrity and availability of this data remains. Authenticity and non-repudiation are also important security requirements for critical infrastructure systems. This paper provides an overview of critical infrastructure and the cloud computing relationship, whilst detailing security concerns and existing protection methods. Discussion on the direction of the area is presented, as is a survey of current protection methods and their weaknesses. Finally, we present our observation and our current research into hosting critical infrastructure services in the cloud environment, and the considerations for detecting cloud attacks. © 2015 Inderscience Enterprises Ltd

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Telecommunications Liberalisation in Africa: Proposed Regulatory Model for the SADC Region

The liberalisation of the telecommunication industry in Africa, and the further development of the region’s physical infrastructure was accompanied by the further development of Africa’s information, communication and technology infrastructure. Competition within the industry stimulated heavy economic investment in other sectors of the economy. The outcome of liberalisation also included the establishment of community-based structures that continue to enable communities to manage their own development and gain access to information and communication technologies (ICTs) in an unprecedented manner. The telecommunication infrastructure further stimulated the fast development of other related services, for example, e-commerce and mobile commerce (m-commerce), e-government, internet banking, mobile banking etcetera. Latest reports and statistics disclose that in Africa m-commerce is set to even overtake the development of e-commerce, through the popular use and penetration of mobile telephony whilst e-commerce development is constrained by difficulties in rolling out speedily fixed telephone lines. These new methods of communication have so intensified that there is hope that further penetration of mobile telephony would leap-frog economic growth and development in Africa, especially in rural communities. Therefore, innovations and investment in ICT’s are changing the world in a number of ways, resulting in a globally connected digital economy.  However, there are regulatory challenges that need to be addressed as a matter of urgency. Certain sections of the continent’s population, especially those in rural areas, have very limited access to ICT’s. This prevents them from exploiting opportunities offered by ICT’s. The main barriers to ICT access relate to inadequate regimes and their supporting legal frameworks, high cost of internet access, connectivity problems, the lack of technical skills to support maintenance and low number of computers with internet connectivity at schools, libraries and other public places. In this paper such challenges are identified and further reforms suggested. The ultimate recommendation is the one that states that a SADC telecommunication independent regulatory agency be established, independent of any government ministry, though consulting with a SADC Ministerial Council. Already, some countries in West Africa have developed a harmonized regulatory framework designed to integrate the Acts covering ICT markets in the sub-region and to keep policy and regulatory frameworks in line with the constant evolution of technologies, applications and services

A forensics and compliance auditing framework for critical infrastructure protection

Contemporary societies are increasingly dependent on products and services provided by Critical Infrastructure (CI) such as power plants, energy distribution networks, transportation systems and manufacturing facilities. Due to their nature, size and complexity, such CIs are often supported by Industrial Automation and Control Systems (IACS), which are in charge of managing assets and controlling everyday operations. As these IACS become larger and more complex, encompassing a growing number of processes and interconnected monitoring and actuating devices, the attack surface of the underlying CIs increases. This situation calls for new strategies to improve Critical Infrastructure Protection (CIP) frameworks, based on evolved approaches for data analytics, able to gather insights from the CI. In this paper, we propose an Intrusion and Anomaly Detection System (IADS) framework that adopts forensics and compliance auditing capabilities at its core to improve CIP. Adopted forensics techniques help to address, for instance, post-incident analysis and investigation, while the support of continuous auditing processes simplifies compliance management and service quality assessment. More specifically, after discussing the rationale for such a framework, this paper presents a formal description of the proposed components and functions and discusses how the framework can be implemented using a cloud-native approach, to address both functional and non-functional requirements. An experimental analysis of the framework scalability is also provided.info:eu-repo/semantics/publishedVersio

Telecommunications Liberalisation in Africa: Proposed Regulatory Model for the SADC Region

The liberalisation of the telecommunication industry in Africa, and the further development of the region’s physical infrastructure was accompanied by the further development of Africa’s information, communication and technology infrastructure. Competition within the industry stimulated heavy economic investment in other sectors of the economy. The outcome of liberalisation also included the establishment of community-based structures that continue to enable communities to manage their own development and gain access to information and communication technologies (ICTs) in an unprecedented manner. The telecommunication infrastructure further stimulated the fast development of other related services, for example, ecommerce and mobile commerce (m-commerce), e-government, internet banking, mobile banking etcetera. Latest reports and statistics disclose that in Africa m-commerce is set to even overtake the development of e-commerce, through the popular use and penetration of mobile telephony whilst ecommerce development is constrained by difficulties in rolling out speedily fixed telephone lines. These new methods of communication have so intensified that there is hope that further penetration of mobile telephony would leap-frog economic growth and development in Africa, especially in rural communities. Therefore, innovations and investment in ICT’s are changing the world in a number of ways, resulting in a globally connected digital economy. However, there are regulatory challenges that need to be addressed as a matter of urgency. Certain sections of the continent’s population, especially those in rural areas, have very limited access to ICT’s. This prevents them from exploiting opportunities offered by ICT’s. The main barriers to ICT access relate to inadequate regimes and their supporting legal frameworks, high cost of internet access, connectivity problems, the lack of technical skills to support maintenance and low number of computers with internet connectivity at schools, libraries and other public places. In this paper such challenges are identified and further reforms suggested. The ultimate recommendation is the one that states that a SADC telecommunication independent regulatory agency be established, independent of any government ministry, though consulting with a SADC Ministerial Council. Already, some countries in West Africa have developed a harmonized regulatory framework designed to integrate the Acts covering ICT markets in the sub-region and to keep policy and regulatory frameworks in line with the constant evolution of technologies, applications and services

Innovative public governance through cloud computing: Information privacy, business models and performance measurement challenges

Purpose: The purpose of this paper is to identify and analyze challenges and to discuss proposed solutions for innovative public governance through cloud computing. Innovative technologies, such as federation of services and cloud computing, can greatly contribute to the provision of e-government services, through scaleable and flexible systems. Furthermore, they can facilitate in reducing costs and overcoming public information segmentation. Nonetheless, when public agencies use these technologies, they encounter several associated organizational and technical changes, as well as significant challenges. Design/methodology/approach: We followed a multidisciplinary perspective (social, behavioral, business and technical) and conducted a conceptual analysis for analyzing the associated challenges. We conducted focus group interviews in two countries for evaluating the performance models that resulted from the conceptual analysis. Findings: This study identifies and analyzes several challenges that may emerge while adopting innovative technologies for public governance and e-government services. Furthermore, it presents suggested solutions deriving from the experience of designing a related platform for public governance, including issues of privacy requirements, proposed business models and key performance indicators for public services on cloud computing. Research limitations/implications: The challenges and solutions discussed are based on the experience gained by designing one platform. However, we rely on issues and challenges collected from four countries. Practical implications: The identification of challenges for innovative design of e-government services through a central portal in Europe and using service federation is expected to inform practitioners in different roles about significant changes across multiple levels that are implied and may accelerate the challenges' resolution. Originality/value: This is the first study that discusses from multiple perspectives and through empirical investigation the challenges to realize public governance through innovative technologies. The results emerge from an actual portal that will function at a European level. © Emerald Group Publishing Limited

Transnational Cooperation in Cybersecurity

Cybersecurity has become a significant focal point for law enforcement, businesses, and consumers with the significant advancements made in cyber technologies, cyber use, and cybercrimes, [16]. Organized cybercrime includes activities such as skimming, botnets, provision of child pornography and advance fee fraud. Unorganized cybercrime could be simple fraud, downloading child pornography, trolling or uttering threats. Both organized and unorganized activities have grown more prevalent in today’s digital landscape. The media sensationalize breaches, such as the hacking of HBO’s Game of Thrones episodes and the Equifax data breach. These incidents get much fanfare shifting focus to law enforcement agencies their plans to address the crimes. We need to know more about the effectiveness of measures against cybercrime and the cooperation between nations against cybercrime. This manuscript examines this issue by exploring how transnational cooperation succeeded in the apprehension of wanted individuals in Operation Avalanche

Multinational perspectives on information technology from academia and industry

As the term \u27information technology\u27 has many meanings for various stakeholders and continues to evolve, this work presents a comprehensive approach for developing curriculum guidelines for rigorous, high quality, bachelor\u27s degree programs in information technology (IT) to prepare successful graduates for a future global technological society. The aim is to address three research questions in the context of IT concerning (1) the educational frameworks relevant for academics and students of IT, (2) the pathways into IT programs, and (3) graduates\u27 preparation for meeting future technologies. The analysis of current trends comes from survey data of IT faculty members and professional IT industry leaders. With these analyses, the IT Model Curricula of CC2005, IT2008, IT2017, extensive literature review, and the multinational insights of the authors into the status of IT, this paper presents a comprehensive overview and discussion of future directions of global IT education toward 2025