Skip to main content
SpringerLink
Log in

A Holistic Approach for Enhancing Critical Infrastructure Protection: Research Agenda

  • Conference paper
  • First Online:
International Conference on Emerging Applications and Technologies for Industry 4.0 (EATI’2020) (EATI 2020)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 254))

Abstract

Critical infrastructure is an asset or a system that is essential for the maintenance of vital societal functions. The protection of such an infrastructure requires more than a technical understanding of the underlying issues; it also needs an understanding of the organizational aspects. Although there are several standards and guidelines for the protection of critical infrastructure, they are usually vague and do not offer practical solutions. In this paper, we describe a `work in progress' holistic approach for enhancing critical infrastructure protection. First, we introduce the theoretical background of this study. Then, based on this theoretical foundation, we propose a holistic approach which takes into account both organisational and technical measures. In addition, we provide a synopsis of our research outcomes so far and our ongoing work towards enhancing critical infrastructure protection.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Abomhara, M., Gerdes, M., Køien, G.M.: A stride-based threat model for telehealth systems. Norsk informasjonssikkerhetskonferanse (NISK) 8(1), 82–96 (2015)

    Google Scholar 

  2. Alhazmi, O., Malaiya, Y.: Prediction capabilities of vulnerability discovery models, pp. 86–91. IEEE (2006). https://doi.org/10.1109/RAMS.2006.1677355

  3. Atif, Y., et al.: Cyber-threat analysis for cyber-physical systems (2018)

    Google Scholar 

  4. European Commission: Green paper on a European programme for critical infrastructure protection. Technical report, European Commission (2005)

    Google Scholar 

  5. European Commission: Communication from the commission on a European programme for critical infrastructure protection. Technical report, European Commission (2006)

    Google Scholar 

  6. European Union: Regulations, directives, and other acts. https://europa.eu/european-union/eu-law/legal-acts

  7. European Union: Directive (EU) 2016/1148 of the European parliament and of the council of 6 july 2016. Offic. J. Eur. Union (2016)

    Google Scholar 

  8. Fuster, G.G., Gutwirth, S.: Ethics, law and privacy: disentangling law from ethics in privacy discourse. In: Proceedings of the Technology and Engineering 2014 IEEE International Symposium on Ethics in Science, pp. 1–6, May 2014

    Google Scholar 

  9. Greenberg, A.: ‘crash override’: The malware that took down a power grid (2017). https://www.wired.com/story/crash-override-malware/

  10. Joh, H., Kim, J., Malaiya, Y.K.: Vulnerability discovery modeling using weibull distribution, pp. 299–300. IEEE (2008). https://doi.org/10.1109/ISSRE.2008.32

  11. Labaka, L., Hernantes, J., Sarriegi, J.M.: A holistic framework for building critical infrastructure resilience 103, 21–33 (2016)

    Google Scholar 

  12. Laugé, A., Hernantes, J., Sarriegi, J.M.: Critical infrastructure dependencies: a holistic, dynamic and quantitative approach. Int. J. Crit. Infrastructure Prot. 8, 16–23 (2015)

    Google Scholar 

  13. Mühlberg, B.: U.S. critical infrastructure victim of ransomware attack, March 2020. https://www.cpomagazine.com/cyber-security/u-s-critical-infrastructurevictim-of-ransomware-attack/

  14. National Institute of Standards and Technology: Information security: Guide for conducting risk assessments, September 2012

    Google Scholar 

  15. National Institute of Standards and Technology: Framework for improving critical infrastructure cybersecurity. Technical report. National Institute of Standards and Technology (2014)

    Google Scholar 

  16. NERC: Critical infrastructure protection (CIP) standards. Technical report, North American Electric Reliability Corporation (2020)

    Google Scholar 

  17. Nweke, L.O.: Using the CIA and AAA models to explain cybersecurity activities. PM World J. 6 (2017)

    Google Scholar 

  18. Nweke, L.O., Weldehawaryat, G.K., Wolthusen, S.D.: Adversary model for attacks against IEC 61850 real-time communication protocols. In: 16th International Conference on the Design of Reliable Communication Networks DRCN, pp. 1–8. IEEE (2020)

    Google Scholar 

  19. Nweke, L.O., Wolthusen, S.: Legal issues related to cyber threat information sharing among private entities for critical infrastructure protection. In: NATO CCDCOE 12th International Conference on Cyber Conflict (2020)

    Google Scholar 

  20. Nweke, L.O., Wolthusen, S.: A review of asset-centric threat modelling approaches. Int. J. Adv. Comput. Sci. Appl. 11(2), 1–6 (2020)

    Google Scholar 

  21. Nweke, L.O., Wolthusen, S.D.: Ethical implications of security vulnerability research for critical infrastructure protection. In: 15th International Conference on Wirtschaftsinformatik (2020)

    Google Scholar 

  22. Nweke, L.O., Wolthusen, S.D.: Modelling adversarial flow in software-defined industrial control networks using a queueing network model. In: IEEE Conference on Communications and Network Security (2020)

    Google Scholar 

  23. Nweke, L.O., Wolthusen, S.D.: Resilience analysis of software-defined networks using queueing networks. In: 2020 International Conference on Computing, Networking and Communications (ICNC), pp. 536–542. IEEE (2020)

    Google Scholar 

  24. Nweke, L.O., Yeng, P., Wolthusen, S.D., Yang, B.: Understanding attribute-based access control for modelling and analysing healthcare professionals’ security practices. Int. J. Adv. Comput. Sci. Appl. 11(2), 683–690 (2020). https://doi.org/10.14569/ijacsa.2020.0110286

  25. Rekik, M., Gransart, C., Berbineau, M.: Cyber-physical threats and vulnerabilities analysis for train control and monitoring systems. In: Proceedings of Computers and Communications (ISNCC) 2018 International Symposium Networks, pp. 1–6, June 2018

    Google Scholar 

  26. Shukla, A., Katt, B., Nweke, L.O.: Vulnerability discovery modelling with vulnerability severity. In: 2019 IEEE Conference on Information and Communication Technology, pp. 1–6. IEEE (2019). https://doi.org/10.1109/CICT48419.2019.9066187

  27. Spyridopoulos, T., Topa, I.-A., Tryfonas, T., Karyda, M.: A holistic approach for cyber assurance of critical infrastructure with the viable system model. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 438–445. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_37

    Chapter  Google Scholar 

  28. Whitaker, A., Newman, D.P.: Penetration Testing and Network Defense. Cisco Press, Indianapolis (2006)

    Google Scholar 

  29. Yeng, P.K., Nweke, L.O., Woldaregay, A.Z., Yang, B., Snekkenes, E.A.: Data-driven and artificial intelligence (AI) approach for modelling and analyzing healthcare security practice: a systematic review. In: Intelligent Systems Conference (IntelliSys) 2020 (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security and Communication Technology, Norwegian University of Science and Technology (NTNU), Gjøvik, Norway

    Livinus Obiora Nweke & Stephen D. Wolthusen

  2. School of Mathematics and Information Security, Royal Holloway, University of London, Egham, UK

    Stephen D. Wolthusen

Authors
  1. Livinus Obiora Nweke
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stephen D. Wolthusen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Livinus Obiora Nweke .

Editor information

Editors and Affiliations

  1. Faculty of Science, Engineering and Built Environment, Deakin University, Geelong, VIC, Australia

    Jemal H. Abawajy

  2. Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  3. Mathematical Sciences Department, Abubakar Tafawa Balewa University, Bauchi, Nigeria

    Haruna Chiroma

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Nweke, L.O., Wolthusen, S.D. (2021). A Holistic Approach for Enhancing Critical Infrastructure Protection: Research Agenda. In: Abawajy, J.H., Choo, KK.R., Chiroma, H. (eds) International Conference on Emerging Applications and Technologies for Industry 4.0 (EATI’2020). EATI 2020. Lecture Notes in Networks and Systems, vol 254. Springer, Cham. https://doi.org/10.1007/978-3-030-80216-5_16

Download citation

Publish with us

Policies and ethics

Search

Navigation