Abstract
This chapter discusses new societal risk due to the fast information and communication as well as operational technology changes which are not yet fully taken into account by governmental policymakers and regulators. Internet-of-things, cloud computing, mass consumer markets and embedded operational technologies are some of the areas outlined in this chapter which may be the cause for serious disruptions of critical infrastructures, critical information infrastructures, essential services, and the undisturbed functioning of the society. Current national protection approaches mainly focus on the classical telecommunication sector and the stove-piped critical sectors such as energy, health, transport, etcetera. This chapter argues that a change of mind and actions are needed to properly govern the new cyber risk before serious incidents occur and that such a new approach is urgently needed to make the societies at large more resilient.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Operational technology (OT) according to [3] is the technology commonly found in cyber-physical systems that is used to manage physical processes and actuation through the direct sensing, monitoring and or control of physical devices. OT generally monitors and controls physical processes with sensors and actuators such as motors, valves, and pumps.
References
Bevir M (2012) Governance: a very short introduction. Oxford University Press, Oxford
Boemer JC et al (2011) Overview of German grid issues and retrofit of photovoltaic power plants in Germany for the prevention of frequency stability problems in abnormal system conditions of the ENTSO-E region continental Europe. In: 1st international workshop on integration of solar power into power systems, p 6
Boyes H, Isbell R (2017) Code of practice cyber security for ships. London, United Kingdom
CIPedia(c) (n.d.). Available at: http://www.cipedia.eu. Accessed 18 June 2018
CISCO (n.d.) Internet of Things (IoT). Available at: https://www.cisco.com/c/en/us/solutions/internet-of-things/overview.html. Accessed 16 June 2018
DHS (2017) Critical infrastructure sectors. Available at: https://www.dhs.gov/critical-infrastructure-sectors
ENISA (2017) Considerations on ICT security certification in EU Survey Report. Heraklion, Greece https://doi.org/10.2824/090677
European Commission (2016) Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Brussels, Belgium. Available at: http://data.europa.eu/eli/dir/2016/1148/oj
European Commission (2017) Proposal for a Regulation of the European Parliament and of the Council establishing a framework for screening of foreign direct investments into the European Union. Brussels, Belgium. Available at: https://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-487-F1-EN-MAIN-PART-1.PDF
Fisher D (2017) BrickerBot, Mirai and the IoT Malware Knife Fight. Digital Guardian blog. 26 April. Available at: https://digitalguardian.com/blog/brickerbot-mirai-and-iot-malware-knife-fight.
Justicenews (2015) Facebook outage sparks calls to 911. Justice Bews Flash. 27 January. Available at: http://www.justicenewsflash.com/2015/02/02/facebook-outage-sparks-calls-to-911_20150202133988.html.
Luiijf E, Klaver M (2015) Governing critical ICT: elements that require attention. Eur J Risk Regul 6(2):263–270. https://doi.org/10.1017/S1867299X00004566
Luiijf E, Van Schie T, Van Ruijven T (2017) Companion document to the GFCE-MERIDIAN good practice guide on critical information infrastructure protection for governmental policy-makers. The Hague, Netherlands. Available at: https://www.thegfce.com/good-practices/documents/publications/2017/10/30/companion-document-to-the-gfce-meridian-good-practice-guide-on-ciip
Ministry of Security and Justice (2011) Dossier DigiNotar webpage, Dossier DigiNotar. Available at: https://www.ncsc.nl/english/current-topics/Files/dossier-diginotar.html.
Olenick D (2018) Researchers uncover BranchScope, a new Intel processor vulnerability. SC Magazine, 27 March. Available at: https://www.scmagazine.com/researchers-uncover-branchscope-a-new-intel-processor-vulnerability/article/754159/
StasV&W (2001) Nota Kwetsbaarheid op internet (KWINT). The Hague, The Netherlands: Tweede Kamer der Staten Generaal. Available at: https://zoek.officielebekendmakingen.nl/dossier/26643/kst-26643-30
The Council of the European Union (2008) Council Directive 2008/114/EC of 8 December 2008 on the indentification and designation of European critical infrastructures and the assessment of the need to improve their protection. Off J Eur Union 75–82
TNO (2017) Truck platooning technology ready for the public roads. The Hague, The Netherlands. Available at: https://www.tno.nl/en/about-tno/news/2017/10/truck-platooning-technology-ready-for-the-public-roads/. Accessed 18 June 2018
Touton L (2002) IANA handling of root-zone changes. Available at: http://www.dnso.org/clubpublic/council/Arc11/msg00123.html.
Vanhoef M, Piessens F (2017) Key reinstallation attacks: forcing nonce reuse in WPA2. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS 2017). ACM, pp. 1313–1328. Available at: https://lirias.kuleuven.be/handle/123456789/620017
Wagenseil P (2014) Heartbleed: who was affected, what to do now. Tom’s Guident, April. Available at: https://www.tomsguide.com/us/heartbleed-bug-to-do-list,news-18588.html.
Acknowledgments
This chapter is a follow-up on earlier work by the authors in the domain of legal risk regulation which was published in [12].
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Luiijf, E., Klaver, M. (2019). Resilience Approach to Critical Information Infrastructures. In: Gritzalis, D., Theocharidou, M., Stergiopoulos, G. (eds) Critical Infrastructure Security and Resilience. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-00024-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-00024-0_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00023-3
Online ISBN: 978-3-030-00024-0
eBook Packages: Computer ScienceComputer Science (R0)