Abstract
This paper describes an approach to analysing transversal and inter-sectoral cybersecurity challenges and opportunities: a dedicated risk assessment and management framework that can be used to develop cybersecurity technology roadmaps. This multi-sector assessment framework prioritises and evaluates cybersecurity risks in trans-sectoral and inter-sectoral contexts and supports appropriate resource allocation and mitigation actions. To reach this goal, known risk management and risk assessment frameworks were analysed, and the results of that analysis are presented here, together with an overview of transversal, inter-sectoral and multi-sectoral technological challenges and opportunities. The outcome is the architecture of the ECHO Multi-sector Assessment Framework, described in detail; the identified and analysed transversal aspects, multi-sector dependencies, and technological challenges and opportunities determine the input data for the framework. The solution is applicable in many sectors, such as energy, healthcare, maritime transportation or defence, and can be extended to others. The proposed architecture supports the design of cybersecurity technology roadmaps and the definition of governance models.
References
ECHO Project website. https://echonetwork.eu. Accessed 22 Aug 2022
Pappalardo, S.M., Niemiec, M., Bozhilova, M., Stoianov, N., Dziech, A., Stiller, B.: Multi-sector assessment framework – a new approach to analyse cybersecurity challenges and opportunities. In: Dziech, A., Mees, W., Czyżewski, A. (eds.) MCSS 2020. CCIS, vol. 1284, pp. 1–15. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59000-0_1
Niemiec, M., Jaglarz, P., Jękot, M., Chołda, P., Boryło, P.: Risk assessment approach to secure northbound interface of SDN networks. In: Proceedings of the International Conference on Computing, Networking and Communications (ICNC 2019), Honolulu, HI, USA (2019)
D2.2 ECHO Multi-Sector Assessment Framework, ECHO project consortium (2019)
ISO 31000:2018 Risk management—Guidelines. https://www.iso.org/standard/65694.html. Accessed 22 Aug 2022
The TOGAF Standard. https://publications.opengroup.org/c182. Accessed 22 Aug 2022
NIST Special Publication 800-30 Guide for Conducting Risk Assessments. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf. Accessed 22 Aug 2022
MEHARI Overview. http://meharipedia.x10host.com/wp/wp-content/uploads/2019/05/MEHARI-Overview-2019.pdf. Accessed 22 Aug 2022
MAGERIT v.3: Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información. https://administracionelectronica.gob.es/pae_Home/pae_Documentacion/pae_Metodolog/pae_Magerit.html?idioma=en#.Xl1XC0pCdPY. Accessed 22 Aug 2022
Alberts, C.J., Behrens, S.G., Pethia, R.D., Wilson, W.R.: Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) framework. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=13473. Accessed 22 Aug 2022
Caralli, R.A., Stevens, J.F., Young, L.R., Wilson, W.R.: Introducing OCTAVE allegro: improving the information security risk assessment process (2007)
Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection, pp. 75–82. http://data.europa.eu/eli/dir/2008/114/oj. Accessed 22 Aug 2022
HIMSS Cybersecurity Survey. https://www.himss.org/2018-himss-cybersecurity-survey. Accessed 22 Aug 2022
NIST Cyber Security Framework, Framework for Improving Critical Infrastructure Cybersecurity. https://www.nist.gov/cyberframework/framework. Accessed 22 Aug 2022
ISO/IEC 27001:2013. https://www.iso.org/isoiec-27001-information-security.html. Accessed 22 Aug 2022
HITRUST Cyber Security Framework. https://hitrustalliance.net/csf-license-agreement. Accessed 22 Aug 2022
CIS 20 Controls. https://learn.cisecurity.org/cis-controls-download. Accessed 22 Aug 2022
COBIT framework. http://www.isaca.org/cobit/pages/default.aspx. Accessed 22 Aug 2022
Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (2016)
Guidelines on high-level recommendations on maritime cyber risk management. https://www.imo.org/en/OurWork/Security/Pages/Cyber-security.aspx. Accessed 22 Aug 2022
D2.3 Transversal Cybersecurity Challenges and Opportunities, ECHO project consortium (2019)
D2.5 Multi-sector Requirements Definition and Demonstration Cases, ECHO project consortium (2020)
D2.1 Sector Scenarios and Use Case Analysis, ECHO project consortium (2019)
D2.4 Inter-Sector Technology Challenges and Opportunities, ECHO project consortium (2020)
Nai-Fovino, I., et al.: A proposal for a European cybersecurity taxonomy. Publications Office of the European Union (2019)
Tagarev, T., Pappalardo, S.M., Stoianov, N.: A logical model for multi-sector cyber risk management. In: Proceedings of the Digital Transformation, Cyber Security and Resilience (DIGILIENCE 2020), Varna, Bulgaria (2020)
ISO/IEC 27005:2018. https://www.iso.org/standard/75281.html. Accessed 22 Aug 2022
Acknowledgements
This work has been partially funded by the European Union’s Horizon 2020 Research and Innovation Programme, under Grant Agreement no. 830943, the ECHO project and partially by the European Union’s Horizon 2020 Research and Innovation Program under Grant Agreement no. 830927, the CONCORDIA project.
The authors would like to thank all colleagues involved in WP2 of the ECHO project who contributed to deliverables D2.1, D2.2, D2.3, D2.4, and D2.5.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Niemiec, M., Pappalardo, S.M., Bozhilova, M., Stoianov, N., Dziech, A., Stiller, B. (2022). Multi-sector Risk Management Framework for Analysis Cybersecurity Challenges and Opportunities. In: Dziech, A., Mees, W., Niemiec, M. (eds) Multimedia Communications, Services and Security. MCSS 2022. Communications in Computer and Information Science, vol 1689. Springer, Cham. https://doi.org/10.1007/978-3-031-20215-5_5
DOI: https://doi.org/10.1007/978-3-031-20215-5_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-20214-8
Online ISBN: 978-3-031-20215-5