The Critical Infrastructure Protection and Resilience Ecosystem

In our contemporary and ever more interdependent and globalized world, critical infrastructure systems are the cornerstones of societies. They are complex, interrelated systems, networks, and services essential for everyday life, business and social activities, and they underwrite the security of societies and communities [1].

Critical infrastructure in its essence means defining the infrastructure, processes, and systems that are crucial for the functioning of the wider social community. In the basic definition, the term “Critical Infrastructure means an asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions” (EU Directive, 2008 [2]).

Critical infrastructures constitute the backbone of the functioning of our modern and interconnected societies. Major shock events of all types, from natural hazards to industrial accidents, terrorist or cyberattacks, have demonstrated the vulnerabilities of these critical systems. Their destruction, disruption, or interruption could lead to cascading effects across sectors and sometimes across national borders. Vulnerabilities of critical infrastructure to this range of hazards and threats call for increased attention to critical infrastructure security and resilience. Disaster risks, compounded by climate change, present a set of challenges for infrastructure resilience. In addition, the rise of hybrid threats and associated digital security risks calls for increased resilience of critical infrastructures to digital security incidents [3].

In the current landscape, critical infrastructure systems are becoming more complex and interconnected, making them more vulnerable to cascading failures and disruptions. This makes it even more critical for these systems to be resilient and able to adapt and recover from disruptions. Furthermore, disruptions to critical infrastructure systems are becoming more frequent and severe due to factors such as climate change, cyber threats, and pandemics. New security risks are emerging, and the number of cyberattacks against critical infrastructure assets is increasing.

The consequences to societies and communities are that existing vulnerabilities are greatly exacerbated, new ones are created, and social inequalities become more entrenched [4]. Critical infrastructure systems need to be resilient in the current landscape due to the growing complexity and interconnectivity of these systems, the increasing frequency and severity of disruptions, criticality of these systems, and high costs of disruptions. The resilience of critical infrastructure refers to its ability to withstand, adapt to, and recover from disruptions, stresses, and shocks while maintaining its essential functions and services. Resilience is a critical aspect of critical infrastructure, given the high likelihood of disruptions and the severe consequences of failures in these systems. Therefore, the importance of critical infrastructure resilience is high on the agenda of contemporary sustainable development as the “keystone” of nationally led processes of building resilience and actions. In that regard, a resilient society is based on multidimensional principles that contribute to sustainable and resilient development. Critical infrastructure resilience can be understood as the ability of these systems to anticipate, withstand, or absorb shocks and stresses, while adapting to new conditions that would result in a quick recovery and transformation as a way to better cope with chronic stresses and acute shocks in the future [4].

Critical Infrastructure Protection (CIP): A Complex Technological and Policy Landscape

To ensure the resilience and continuity of critical infrastructures, CI operators deploy a host of different solutions, which range from security risk assessment and cybersecurity solutions to solutions that protect the physical assets of critical infrastructures. The development of effective and innovative CIP solutions is vital, given the growing sophistication of CIs and the emerging challenges and threats that operators have recently faced. For instance, in an increasingly digitally interconnected world, CI operators need to deal with much more sophisticated cybersecurity challenges than ever before. The latter include challenges (e.g., fake news and disinformation management) that were hardly considered in CIP solutions a few years ago. Most importantly, CI owners and operators are nowadays conducting business in a highly unstructured, volatile, and highly unpredictable environment, where asymmetric threats and other previously rare events are becoming the norm. This has been very evident during the last couple of years, when several CI operators had to confront challenges like the COVID-19 pandemic outbreak, various large-scale supply chain disruptions following the pandemic, as well as the recent war in Ukraine.

In this landscape, CI operators are forced to design and implement novel solutions that are not just reactive in nature, but rather able to predict and anticipate potential disruptions and security threats. Recent technological advances make the development of such solutions viable and more pragmatic than a few years ago. Nevertheless, the task of planning, designing, developing, deploying, and operating innovative solutions must take place in the scope of a complex landscape of:

  • Multiple technological solutions, such as security risk assessment, adaptive threat hunting, anomaly detection, biometric authentication, blockchain technology, cyber-physical threat intelligence, data loss prevention, digital twins, disinformation management, end-point protection, image analysis, impact assessment, machine learning, modeling of cascading effects, and pentesting solutions. There are also emerging technological solutions (e.g., generative AI [5]) that present both opportunities and threats to strengthening critical infrastructure protection.

  • A sea of different standards, such as the ISO/TC 292, ISO 27001 series, ISO 28000 series, and ISO 22000 families of standards, which cover many different aspects of CI protection.

  • A considerable number of regulations and directives, such as the NIS Directive, the GDPR, the AI Act of the Council of Europe, the Cybersecurity Act, and many more.

  • A multistakeholder environment, including not only CI owners and CI operators, but also technology vendors, researchers, security experts, security integrators, regulatory experts, and policymakers, who each view the development and deployment of innovative solutions from their own unique perspective.

  • A host of opportunities for combining diverse technologies into more complex, integrated, and sophisticated solutions. For instance, these opportunities can be boosted by the amalgamation of advanced technologies such as big data, IoT, IIoT, artificial intelligence (AI), cloud computing, digital twins, edge computing, advanced analytics, robotics, cognitive computing, etc.

In this complex landscape, stakeholders need orientation regarding available solutions, gaps in current knowledge, limitations of the state of the art and the state of practice, as well as roadmaps for the development and deployment of innovative CIP solutions.

The EU-CIP Mission

EU-CIP is a 3-year Coordination and Support Action (CSA) that is funded by the European Commission. EU-CIP’s vision is to establish a sustainable knowledge network of European CIP experts and stakeholders, which will provide knowledge, insights, foresights, and guidance regarding research and innovation opportunities in the CIP domain. Specifically, one of the main objectives of the project is to enhance Europe’s analytical capability regarding research outcomes, technologies, and policies, and to foster data-driven, evidence-based policy and innovation development. The activities that will lead to the accomplishment of this objective are conveniently called EU-CIP-ANALYSIS activities.

The EU-CIP-ANALYSIS activities will be implemented over a period of 3 years following the start of the project in October 2022. This chapter presents some of the findings of the EU-CIP-ANALYSIS, notably findings produced following state-of-the-art analysis and consultation with CIP stakeholders within the EU-CIP consortium and the European Cluster for Securing Critical Infrastructures (ECSCI), a cluster comprising more than 32 of the most prominent European projects on security and critical infrastructure protection.

Preliminary Findings on Capability Needs and Capability Gaps

The EU-CIP consortium members have identified the following CIP capabilities that are not adequately supported and covered by state-of-the-art solutions:

  • C1—Enhanced adaptability: There is a need to enhance adaptability to new threats as the novel and sometimes asymmetric threats against CIs happen with higher frequency than ever before.

  • C2—Reduced response times: EU-CIP experts identified a need for increasing the speed of response as a means of coping with highly volatile environments and minimizing the costs of potential damage.

  • C3—Increased transparency: In an era where complex threats are handled by sophisticated technologies, there is a need for improving transparency of the solution for the stakeholders.

  • C4—Improved detection capabilities: Improved detection over the current state of the art, based on solutions that (i) address novel threats like hybrid threats combining cybersecurity and physical security aspects; and (ii) provide improved analytics capabilities for detection and response tools that account for the rapid shifts in the IoT and 5G spaces, while offering better-informed decision-making.

  • C5—Improved risk and impact assessment capabilities to address novel integrated, hybrid, and asymmetric threats against a broad range of cyber and physical assets.

  • C6—Better integration of Telco Security tools with information security management tools: This integration should strive to avoid existing silos and fragmentation in security systems and capabilities.

  • C7—Solutions addressing cascading effects between different entities and states. Such solutions must help prevent disruptions in supply chain services to ensure the continuity of business operations across different value chains.

  • C8—Transformation of proactive and adaptive protection tools and methods to incorporate real-time functionalities. Such functionalities will boost the protection and resilience of CI through improved collection and analysis of real-time data in light of the ever-evolving and dynamically changing threat landscape.

  • C9—Better exploitation of information from critical sensors towards augmented situation awareness. Input from critical sensors (e.g., cameras, human presence, luminosity, weather/environment parameters) must be better integrated and exploited within CIP systems toward improving situation awareness (e.g., about security personnel positions and CI assets state). The latter must be combined with proper revisions to security and emergency management processes.

  • C10—Risk prediction and anticipation, leading to earlier detection of threats and subsequently enhancing resilience, monitoring, patrolling, decision support, and event management applications.

  • C11—Training, reskilling, and upskilling: There is a need for developing relevant skills and competencies in collaboration with the research and academic community. Prominent examples of the required skills development include cybersecurity and cyber-resilience training.

Moreover, EU-CIP has also identified the following list of preliminary capability gaps (CG), which are partly linked to the above-listed capability needs:

  • CG1—Poor automation: There is currently poor automation when it comes to achieving fast detection, protection, and recovery from cyberattacks. Specifically, there is a gap in closing the cybersecurity automation loop to automatically verify, diagnose, rectify, monitor, measure, and improve security controls. This gap is very evident when it comes to supporting heterogeneous technology and configurations in a systematic and justifiable manner. Fast-growing technology segments like artificial intelligence can greatly boost automation in processes like threat detection, attack anticipation, and fast enforcement of security policies, yet their use must adhere to the mandates and emerging regulations (e.g., the European AI Act).

  • CG2—Lack of proper control of interconnectedness: CI operators are not currently offered strong control over interconnected assets and their dependencies. This makes it difficult to implement a holistic CIP approach that considers the dependencies of the various assets, as well as related cascading effects. To boost the interconnection of diverse assets and their security policies, there is a need for novel security knowledge modeling approaches, as well as for interconnection and interoperability across diverse security systems.

  • CG3—Poor alignment of resilience indicators: Currently, CI operators deal with a host of resilience indicators, which are not aligned and, in several cases, are diverse and incompatible. This hinders the implementation of a structured CIR approach, while being a setback to interoperability across the different interconnected critical infrastructures that support prominent value chains of our societies and economies.

  • CG4—Lack of agreed standards-based stress-testing procedures: Along with poor alignment of indicators, there is also a lack of agreed stress-testing procedures that could foster the implementation of structured, standards-based CIR approaches.

  • CG5—Problems with the classification of IoT devices: In recent years, there has been a proliferation of IoT devices in CIs. However, the identification and classification of IoT-based assets are lagging behind the output of the suppliers and do not scale to account for the increased diversity and complexity of the various classes of IoT devices. Currently, a “one-size-fits-all” approach to securing IoT devices is applied, which is inadequate to address the vulnerabilities and risks associated with the growing number of connected devices.

  • CG6—Scalability in the mitigation of distributed denial of service (DDoS) attacks: DDoS attack mitigation does not scale optimally given the increase in the bandwidth that is nowadays available to end users (e.g., multi-gigabit-per-second connectivity is now widely available to SMEs). Apart from bandwidth issues, there is also a need for mitigating measures against novel ways of performing DDoS attacks, such as those based on IoT devices and AI bots.

  • CG7—Development and deployment of AI-based systems: Despite recent advances in AI systems and technologies, the potential of AI in CIP/CIR solutions remains underexploited. Moreover, there is still poor awareness of AI capabilities among employees and CIP/CIR vendors. Likewise, existing solutions cannot deal effectively with AI-powered cyberattacks based on new adaptive AI technologies. As already outlined, generative AI systems (e.g., ChatGPT) provide opportunities to increase protection (e.g., based on the intelligent identification of attack patterns), yet they also introduce new potential vulnerabilities and attacks (e.g., due to the generation of new attack patterns).

  • CG8—Lack of holistic security management systems: There is a lack of holistic security management solutions that are operationally applicable and do not need to be customized from scratch. Furthermore, there is a lack of solutions that are uniform and operational across a large number of different stakeholders.

  • CG9—Gaps in emergency management processes: There are significant gaps in standardized processes in case of emergencies. For instance, there is a lack of universally agreed processes regarding the communication with external entities for emergency handling and with public authorities regarding security/safety incident-related communications.

  • CG10—Inability to cope with dynamically evolving threats: There is a lack of dynamic and intelligent solutions that can deal with the ever-evolving and dynamically changing threats proactively and adaptively. Adaptive, AI-based solutions could provide the required intelligence, yet they are still not widely developed and used in the CIP/CIR domain. In the above direction, there is a need to evolve knowledge modeling and knowledge bases in directions that address the evolution of the threat landscape.

  • CG11—Poor awareness of modern CIP/CIR challenges: There is generally a lack of awareness regarding contemporary CIP/CIR requirements, such as awareness of cascading events, preparedness against new natural and anthropic risks, and complex cyber resilience issues. Hence, there is a need for training security teams and developing new talent as part of a broader cultural shift that considers the latest CIP/CIR challenges such as evolving threats, novel forms of attacks and disruptions, and the need to consider interconnected infrastructures and cascading effects.

Beyond the above-listed general capability needs and gaps that are applicable to all CIP sectors, EU-CIP partners have expertise in different sectors and have identified capability needs and gaps linked to specific sectors.

Preliminary Insight into the Trends and State-of-the-Art Technologies That Address Capability Gaps

Various technologies and tools can help close the gaps in CIP/CIR and help prevent, detect, and mitigate potential threats to CIs, such as cyberattacks, physical attacks, and natural disasters. The implementation of state-of-the-art technologies and tools can boost the resilience and continuity of critical infrastructure systems, protecting society from the potentially devastating consequences of their disruption or destruction.

The main findings (according to the priority) of the EU-CIP survey about the technologies that could help in alleviating existing capability gaps are:

  • Cyber-physical threat intelligence

  • Security risk assessment

  • Impact assessment tools

  • Digital twins

  • Anomaly detection

  • Modeling of cascading effects

  • Cybersecurity tools

  • Malware detection

  • Machine learning—pattern detection

In line with the identified gaps, technologies like cyber-physical threat intelligence, security risk assessment, and modeling of cascading effects were perceived as the most promising for mitigating the list of gaps. This is because the implementation of integrated security approaches and handling of cascading effects were perceived as some of the key capabilities that are currently missing in the CIP/CIR systems.

Some of the trending CIP/CIR technologies, according to the internal survey of the project and the feedback of EU-CIP members, were illustrated. The results of the trends survey are in line with the above-listed technologies. Specifically, cyber-physical threat intelligence represents one of the most important trends, followed by collaborative threat intelligence and predictive security.

Conclusions

In an era characterized by unprecedented complexity and interconnectivity, safeguarding critical infrastructure systems is paramount to ensuring the continued functioning of modern societies and economies. The findings from the EU-CIP mission shed light on the pressing needs and gaps within the realm of critical infrastructure protection (CIP). These needs range from enhancing adaptability to improving response times, increasing transparency, and fortifying detection capabilities.

Addressing these needs is not only a technological imperative but also a multidimensional challenge that involves diverse stakeholders, standards, regulations, and policy considerations. As emerging threats and vulnerabilities reshape the CIP landscape, it is essential to foster a proactive approach that anticipates and mitigates potential disruptions. Leveraging state-of-the-art technologies, such as cyber-physical threat intelligence, security risk assessment, and machine learning, holds promise in closing existing capability gaps and enhancing resilience.

The preliminary results and the above considerations show that the project has already successfully addressed its ambitious goals. Further effort is needed and will be invested in order to improve the basis for (a) identifying gaps and priorities, (b) extracting knowledge, and (c) formulating recommendations, all of them needing to be data-driven, justified by the evidence gathered and transparent for the end users, as clearly confirmed in the interaction with the end users and resulting reports [6].

The EU-CIP mission serves as a pivotal initiative in advancing our understanding of CIP, providing a roadmap for innovation and policy development. The insights gleaned from this mission underscore the necessity for collaborative efforts among governments, industries, and academia to fortify critical infrastructure against evolving threats. By harnessing the power of innovation, aligning diverse perspectives, and fostering a culture of preparedness, we can bolster the security and resilience of critical infrastructure, ensuring its continued role as the foundation of our interconnected world.