Threat awareness for critical infrastructures resilience

Utility networks are part of every nation’s critical infrastructure, and their protection is now seen as a high priority objective. In this paper, we propose a threat awareness architecture for critical infrastructures, which we believe will raise security awareness and increase resilience in utility networks. We first describe an investigation of trends and threats that may impose security risks in utility networks. This was performed on the basis of a viewpoint approach that is capable of identifying technical and non-technical issues (e.g., behaviour of humans). The result of our analysis indicated that utility networks are affected strongly by technological trends, but that humans comprise an important threat to them. This provided evidence and confirmed that the protection of utility networks is a multi-variable problem, and thus, requires the examination of information stemming from various viewpoints of a network. In order to accomplish our objective, we propose a systematic threat awareness architecture in the context of a resilience strategy, which ultimately aims at providing and maintaining an acceptable level of security and safety in critical infrastructures. As a proof of concept, we demonstrate partially via a case study the application of the proposed threat awareness architecture, where we examine the potential impact of attacks in the context of social engineering in a European utility company

The power of creative thinking in situations of uncertainties: the almost impossible task of protecting critical infrastructures

A good and scientific analysis starts with a closer look at the conceptualisation at hand. The definition of CIP is not easy because of its wide range. This paper examines infrastructures that are critical and need protection. Each word entails a specific connotation and is characterized by several components

The power of creative thinking in situations of uncertainties: the almost impossible task of protecting critical infrastructures

A good and scientific analysis starts with a closer look at the conceptualisation at hand. The definition of CIP is not easy because of its wide range. This paper examines infrastructures that are critical and need protection. Each word entails a specific connotation and is characterized by several components

Australian commercial-critical infrastructure management protection

Secure management of Australia\u27s commercial critical infrastructure presents ongoing challenges to owners and the government. Although managed via a high-level information sharing collaboration of government and business, critical infrastructure protection is further complicated by the lack of a lower-level scalable model exhibiting its various levels, sectors and sub-sectors. This research builds on the work of Marasea (2003) to establish a descriptive critical infrastructure model and also considers the influence and proposed modelling of critical infrastructure dependency inter-relationships.<br /

Current capabilities, requirements and a proposed strategy for interdependency analysis in the UK

The UK government recently commissioned a research study to identify the state-of-the-art in Critical Infrastructure modelling and analysis, and the government/industry requirements for such tools and services. This study (Cetifs) concluded with a strategy aiming to bridge the gaps between the capabilities and requirements, which would establish interdependency analysis as a commercially viable service in the near future. This paper presents the findings of this study that was carried out by CSR, City University London, Adelard LLP, a safety/security consultancy and Cranfield University, defense academy of the UK

Is United States (U.S.) Policy Sufficient To Develop Earth-Moon Economic Zone Infrastructures By 2049?

The nation first-to-develop infrastructures in the future Earth-Moon Economic Zone will set the standards that shape and govern use by others, increasing both economic and national power. Current U.S. economic and national power is built upon a legacy of infrastructure leadership on Earth and in Earth orbit. However, China has a goal to supplant U.S. infrastructure leadership on Earth and establish leadership before the U.S. in the Earth-Moon Economic Zone by 2049. While the U.S. acknowledges China’s terrestrial infrastructure goals as an economic challenge, China’s space infrastructure goals appear to be met as either a military challenge in Earth orbit, or a prestige challenge to land a human on the Moon. Despite China incorporating infrastructure goals into their 2017 constitution, there has been no scholarly review of U.S. policy to develop infrastructures in this zone before 2049. The purpose of this study is to explore the sufficiency of U.S. policy to develop Earth-Moon Economic Zone infrastructures by 2049. The target audience is the U.S. National Security, National Space, and National Economic Councils, U.S. Congress, U.S. Department of Commerce (DOC), U.S. Department of Defense (DoD), National Aeronautics and Space Administration (NASA), U.S. Industry, and think tanks. This study was limited to the Earth-Moon Economic Zone from Earth orbit to the surface of the Moon, and both Trump and Biden U.S. national security, national space and select NASA budget documents since 2017. A qualitative analysis was used to review U.S. policy with an initial researcher-led document analysis followed by expert interviews for corroboration and supplemental information such as new policy. If any changes or new policies were identified, then U.S. policy reviewed was deemed not sufficient. The interview analysis corroborated five recommended changes and identified three new policies, so current U.S. policy was deemed not sufficient. While recommendations were not analyzed, the Researcher opines four as critical; adding a more unified infrastructure competition strategy across all infrastructure domains, including sustained operational dates for specific infrastructures in both policy and budgets, creating a national economic strategy for U.S. Earth-Moon Zone investment, and development of a whole-of-nation industrialization plan for Earth-Moon Zone infrastructure development

Anonymizing cybersecurity data in critical infrastructures: the CIPSEC approach

Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved. We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.Peer ReviewedPostprint (published version

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management