Vulnerability and Protection of Critical Infrastructures

Critical infrastructure networks are a key ingredient of modern society. We discuss a general method to spot the critical components of a critical infrastructure network, i.e. the nodes and the links fundamental to the perfect functioning of the network. Such nodes, and not the most connected ones, are the targets to protect from terrorist attacks. The method, used as an improvement analysis, can also help to better shape a planned expansion of the network.Comment: 4 pages, 1 figure, 3 table

THE ROLE OF KNOWLEDGE MANAGEMENT IN CRITICAL INFRASTRUCTURE PROTECTION (CIP)

The collocation “critical infrastructures” was officialy born in july 1996, when the USA president decreeted “The executive order for the critical infrastructures protection”. Accordingly to the preface of this document: “critical infrastructures represent Certain national infrastructures that are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States.”knowledge management, criticat infrastructures, security, threats, vulnerabilities, risks

Securing Critical Infrastructures

1noL'abstract è presente nell'allegato / the abstract is in the attachmentopen677. INGEGNERIA INFORMATInoopenCarelli, Albert

Anonymizing cybersecurity data in critical infrastructures: the CIPSEC approach

Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved. We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.Peer ReviewedPostprint (published version

New Challenges in Critical Infrastructures : A US Perspective

L'émergence d'un plus large spectre de vulnérabilités (terrorisme, sabotage, conflits locaux et catastrophes naturelles) et l'interdépendance croissante de l'activité économique rendent particulièrement vulnérables les grands réseaux vitaux des pays industrialisés. Pour y faire face, des actions importantes doivent être menées à une échelle nationale, en particulier par le développement de partenariats étroits entre le secteur public et la sphère privée.Cet article analyse l'initiative présidentielle lancée dès 1996 aux Etats-Unis -premier pays au monde à inscrire ces questions à l'agenda du plus haut niveau décisionnel- ainsi que la structure nationale de partenariats mis en place depuis lors. Une telle démarche pourrait constituer un point de départ pour d'autres pays désireux d'élaborer leur propre analyse de vulnérabilités et leur stratégie d'amélioration.Les événements du 11 septembre 2001, comme les attaques à l'anthrax, ont néanmoins montré que les avancées américaines ne constituaient qu'une première étape d'un processus plus global de préparation nationale; les infrastructures critiques des Etats-Unis demeurent hautement vulnérables. Enfin, plusieurs idées fausses, par trop souvent récurrentes, doivent être dépassées pour traiter beaucoup plus efficacement ces risques à grande échelle sur un plan international.Partenariats public-privé;Risques à grande échelle;Infrastructures critiques;Nouvelles vulnérabilites;Sécurité nationale;Préparation collective

Tracking advanced persistent threats in critical infrastructures through opinion dynamics

Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and cor- respondingly deploy accurate response procedures. Advanced Persistent Threat Detection Traceability Opinion Dynamics.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech

Big Data in Critical Infrastructures Security Monitoring: Challenges and Opportunities

Critical Infrastructures (CIs), such as smart power grids, transport systems, and financial infrastructures, are more and more vulnerable to cyber threats, due to the adoption of commodity computing facilities. Despite the use of several monitoring tools, recent attacks have proven that current defensive mechanisms for CIs are not effective enough against most advanced threats. In this paper we explore the idea of a framework leveraging multiple data sources to improve protection capabilities of CIs. Challenges and opportunities are discussed along three main research directions: i) use of distinct and heterogeneous data sources, ii) monitoring with adaptive granularity, and iii) attack modeling and runtime combination of multiple data analysis techniques.Comment: EDCC-2014, BIG4CIP-201

Closing the loop of SIEM analysis to Secure Critical Infrastructures

Critical Infrastructure Protection is one of the main challenges of last years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths in such a way to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures integrity and unforgeability of events stored.Comment: EDCC-2014, BIG4CIP-2014, Security Information and Event Management, Decision Support System, Hydroelectric Da