White Paper on Industry Experiences in Critical Information Infrastructure Security: A Special Session at CRITIS 2019
- 94 Downloads
The security of critical infrastructures is of paramount importance nowadays due to the growing complexity of components and applications. This paper collects the contributions to the industry dissemination session within the 14th International Conference on Critical Information Infrastructures Security (CRITIS 2019). As such, it provides an overview of recent practical experience reports in the field of critical infrastructure protection (CIP), involving major industry players. The set of cases reported in this paper includes the usage of serious gaming for training infrastructure operators, integrated safety and security management in the chemical/process industry, risks related to the cyber-economy for energy suppliers, smart troubleshooting in the Internet of Things (IoT), as well as intrusion detection in power distribution Supervisory Control And Data Acquisition (SCADA). The session has been organized to stimulate an open scientific discussion about industry challenges, open issues and future opportunities in CIP research.
The work reported in Sect. 3 was supported by INAIL via the European Safera project “Management of Safety and Security Synergies in Seveso Plants” (4STER).
- 1.Perla, P., McGrady, E.: Why wargaming works. Nav. War Collage Rev. 64(3), 111–130 (2011)Google Scholar
- 2.Michael, D., Chen, S.: Serious Games - Games that Educate, Train and Inform. Thomson Course Technology, Boston (2016)Google Scholar
- 3.Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, OJ L 194, 19.7.2016, pp. 1–30Google Scholar
- 4.Sullivan, D., Colbert, E., Hoffman, E., Kott, A.: Best practices for designing and conducting cyber physical system war games. Computational and information sciences directorate, U.S. Army Research Laboratory, Adelphi, MD, USA (2018)Google Scholar
- 5.Council Directive 82/501/EEC of 24 June 1982 on the major-accident hazards of certain industrial activities, OJ L 230, 5.8.1982, pp. 1–18Google Scholar
- 6.Directive 2012/18/EU of the European Parliament and of the Council of 4 July 2012 on the control of major-accident hazards involving dangerous substances, amending and subsequently repealing Council Directive 96/82/EC, OJ L 197, 24.7.2012, pp. 1–37Google Scholar
- 8.Integrated Management of Safety and Security Synergies in Seveso Plants (SAF€RA 4STER) project. https://projects.safera.eu/project/21
- 9.Reis, J., Amorim, M., Melão, N., Matos, P.: Digital transformation: a literature review and guidelines for future research. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) WorldCIST’18 2018. AISC, vol. 745, pp. 411–421. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-77703-0_41CrossRefGoogle Scholar
- 10.Caporuscio, M., Flammini, F., Khakpour, N., Singh, P., Thornadtsson, J.: Smart-troubleshooting connected devices: concept, challenges and opportunities. J. Future Gener. Comput. Syst. (2019, in press). https://doi.org/10.1016/j.future.2019.09.004