Abstract
Critical infrastructure is an asset or a system that is essential for the maintenance of vital societal functions. The protection of such an infrastructure requires more than a technical understanding of the underlying issues; it also needs an understanding of the organizational aspects. Although there are several standards and guidelines for the protection of critical infrastructure, they are usually vague and do not offer practical solutions. In this paper, we describe a `work in progress' holistic approach for enhancing critical infrastructure protection. First, we introduce the theoretical background of this study. Then, based on this theoretical foundation, we propose a holistic approach which takes into account both organisational and technical measures. In addition, we provide a synopsis of our research outcomes so far and our ongoing work towards enhancing critical infrastructure protection.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Abomhara, M., Gerdes, M., Køien, G.M.: A stride-based threat model for telehealth systems. Norsk informasjonssikkerhetskonferanse (NISK) 8(1), 82–96 (2015)
Alhazmi, O., Malaiya, Y.: Prediction capabilities of vulnerability discovery models, pp. 86–91. IEEE (2006). https://doi.org/10.1109/RAMS.2006.1677355
Atif, Y., et al.: Cyber-threat analysis for cyber-physical systems (2018)
European Commission: Green paper on a European programme for critical infrastructure protection. Technical report, European Commission (2005)
European Commission: Communication from the commission on a European programme for critical infrastructure protection. Technical report, European Commission (2006)
European Union: Regulations, directives, and other acts. https://europa.eu/european-union/eu-law/legal-acts
European Union: Directive (EU) 2016/1148 of the European parliament and of the council of 6 july 2016. Offic. J. Eur. Union (2016)
Fuster, G.G., Gutwirth, S.: Ethics, law and privacy: disentangling law from ethics in privacy discourse. In: Proceedings of the Technology and Engineering 2014 IEEE International Symposium on Ethics in Science, pp. 1–6, May 2014
Greenberg, A.: ‘crash override’: The malware that took down a power grid (2017). https://www.wired.com/story/crash-override-malware/
Joh, H., Kim, J., Malaiya, Y.K.: Vulnerability discovery modeling using weibull distribution, pp. 299–300. IEEE (2008). https://doi.org/10.1109/ISSRE.2008.32
Labaka, L., Hernantes, J., Sarriegi, J.M.: A holistic framework for building critical infrastructure resilience 103, 21–33 (2016)
Laugé, A., Hernantes, J., Sarriegi, J.M.: Critical infrastructure dependencies: a holistic, dynamic and quantitative approach. Int. J. Crit. Infrastructure Prot. 8, 16–23 (2015)
Mühlberg, B.: U.S. critical infrastructure victim of ransomware attack, March 2020. https://www.cpomagazine.com/cyber-security/u-s-critical-infrastructurevictim-of-ransomware-attack/
National Institute of Standards and Technology: Information security: Guide for conducting risk assessments, September 2012
National Institute of Standards and Technology: Framework for improving critical infrastructure cybersecurity. Technical report. National Institute of Standards and Technology (2014)
NERC: Critical infrastructure protection (CIP) standards. Technical report, North American Electric Reliability Corporation (2020)
Nweke, L.O.: Using the CIA and AAA models to explain cybersecurity activities. PM World J. 6 (2017)
Nweke, L.O., Weldehawaryat, G.K., Wolthusen, S.D.: Adversary model for attacks against IEC 61850 real-time communication protocols. In: 16th International Conference on the Design of Reliable Communication Networks DRCN, pp. 1–8. IEEE (2020)
Nweke, L.O., Wolthusen, S.: Legal issues related to cyber threat information sharing among private entities for critical infrastructure protection. In: NATO CCDCOE 12th International Conference on Cyber Conflict (2020)
Nweke, L.O., Wolthusen, S.: A review of asset-centric threat modelling approaches. Int. J. Adv. Comput. Sci. Appl. 11(2), 1–6 (2020)
Nweke, L.O., Wolthusen, S.D.: Ethical implications of security vulnerability research for critical infrastructure protection. In: 15th International Conference on Wirtschaftsinformatik (2020)
Nweke, L.O., Wolthusen, S.D.: Modelling adversarial flow in software-defined industrial control networks using a queueing network model. In: IEEE Conference on Communications and Network Security (2020)
Nweke, L.O., Wolthusen, S.D.: Resilience analysis of software-defined networks using queueing networks. In: 2020 International Conference on Computing, Networking and Communications (ICNC), pp. 536–542. IEEE (2020)
Nweke, L.O., Yeng, P., Wolthusen, S.D., Yang, B.: Understanding attribute-based access control for modelling and analysing healthcare professionals’ security practices. Int. J. Adv. Comput. Sci. Appl. 11(2), 683–690 (2020). https://doi.org/10.14569/ijacsa.2020.0110286
Rekik, M., Gransart, C., Berbineau, M.: Cyber-physical threats and vulnerabilities analysis for train control and monitoring systems. In: Proceedings of Computers and Communications (ISNCC) 2018 International Symposium Networks, pp. 1–6, June 2018
Shukla, A., Katt, B., Nweke, L.O.: Vulnerability discovery modelling with vulnerability severity. In: 2019 IEEE Conference on Information and Communication Technology, pp. 1–6. IEEE (2019). https://doi.org/10.1109/CICT48419.2019.9066187
Spyridopoulos, T., Topa, I.-A., Tryfonas, T., Karyda, M.: A holistic approach for cyber assurance of critical infrastructure with the viable system model. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 438–445. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_37
Whitaker, A., Newman, D.P.: Penetration Testing and Network Defense. Cisco Press, Indianapolis (2006)
Yeng, P.K., Nweke, L.O., Woldaregay, A.Z., Yang, B., Snekkenes, E.A.: Data-driven and artificial intelligence (AI) approach for modelling and analyzing healthcare security practice: a systematic review. In: Intelligent Systems Conference (IntelliSys) 2020 (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Nweke, L.O., Wolthusen, S.D. (2021). A Holistic Approach for Enhancing Critical Infrastructure Protection: Research Agenda. In: Abawajy, J.H., Choo, KK.R., Chiroma, H. (eds) International Conference on Emerging Applications and Technologies for Industry 4.0 (EATI’2020). EATI 2020. Lecture Notes in Networks and Systems, vol 254. Springer, Cham. https://doi.org/10.1007/978-3-030-80216-5_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-80216-5_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-80215-8
Online ISBN: 978-3-030-80216-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)