Received:
2020-03-18 | Accepted:
2020-07-10 | Published:
2020-12-30
Title
Cyber security management of critical energy infrastructure in national cybersecurity strategies: cases of USA, UK, France, Estonia and Lithuania
Abstract
The progresses made in terms of cybersecurity in these past years have been huge, and the implementation of newer strategies has brought interesting results all over the globe. However, the full implementation of cybersecurity presents a challenge to a lot of countries, especially if considered the Critical Infrastructure Protection (CIP), which is still one of the areas with the most gaps in terms of cybersecurity. In this article, the first five countries by cybersecurity level according to the Global Cybersecurity Index (GCI) 2018, in order UK, USA, France, Estonia and Lithuania, will be evaluated for their solutions in terms of Critical Infrastructure Protection. The results will show the effective accuracy of the index and will shed light on the various approaches to Critical Infrastructure Protection.
Keywords
cybersecurity, critical infrastructure protection, management, energy security, cyber attack
JEL classifications
M15
, Q48
URI
http://jssidoi.org/ird/article/54
DOI
HAL
Pages
802-813
Funding
This research is/was funded by the European Social Fund under the No 09.3.3-LMT-K-712 "Development of Competences of Scientists, other Researchers and Students through Practical Research Activities" measure.
This is an open access issue and all published articles are licensed under a
Creative Commons Attribution 4.0 International License
Journal title
Insights into Regional Development
Volume
2
Number
4
Issue date
December 2020
Issue DOI
ISSN
ISSN 2345-0282 (online)
Publisher
VšĮ Entrepreneurship and Sustainability Center, Vilnius, Lithuania
Cited
Article views & downloads
HTML views: 3460 | PDF downloads: 1202
References
ANSSI. (2020). FAQ: The French CIIP Framework. Retrieved from ANSSI: https://www.ssi.gouv.fr/en/cybersecurity-in-france/ciip-in-france/faq/#2-3
Search via ReFindit
ANSSI. (2020). The French CIIP Framework. Retrieved from ANSSI: https://www.ssi.gouv.fr/en/cybersecurity-in-france/ciip-in-france/
Search via ReFindit
ANSSI. (2020). The French CIPP Framework. Retrieved from ANSSI: https://www.ssi.gouv.fr/en/cybersecurity-in-france/ciip-in-france/
Search via ReFindit
CCDCOE. (2020). About us. Retrieved from CCDCOE: https://ccdcoe.org/about-us/
Search via ReFindit
CESG. (2016). Common Cyber Attacks: Reducing The Impact. London: CESG. Retrieved from https://www.ncsc.gov.uk/static-assets/documents/common_cyber_attacks_ncsc.pdf
Search via ReFindit
Cichonski P., M. T. (2012). NIST Special Publication 800-61 Revision 2: Computer Security Incident Handling Guide. Washington: U.S. Department of Commerce. Tratto il giorno 2012 da https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Search via ReFindit
CISA. (2018, November 21). National Infrastructure Protection. Tratto il giorno May 8, 2020 da https://www.cisa.gov/national-infrastructure-protection-plan
Search via ReFindit
Civil Contingencies Sectretariat. (2004). The Lead Government Department and its role – Guidance and Best Practice. London: Cabinet Office. Retrieved from https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/61355/lead-government-departments-role.pdf
Search via ReFindit
CPNI. (2020). About . Retrieved from Centre for the Protection of National Infrastructure: https://www.cpni.gov.uk/who-we-work
Search via ReFindit
Government of Estonia. (2009). Emergency Act. Tallinn: Government of Estonia. Retrieved from https://www.riigiteataja.ee/en/eli/525062014011/consolide
Search via ReFindit
Government of France. (2015). French National Digital Security Strategy. Paris: Government of France. Retrieved from https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map/national-cyber-security-strategies-interactive-map/strategies/information-systems-defence-and-security-frances-strategy
Search via ReFindit
Government of the Republic of Lithuania. (2018). National Cyber Incident Management Plan. Vilnius: . https://www.ird.lt/media/force_download/?url=/uploads/structure/docs/42166_cf30b855d9ac94e388b0d52cbf96ae86.pdf
Search via ReFindit
Government of the Republic of Lithuania. (2018). Resolution on the approval of the National Cyber Security Strategy. Vilnius: Government of the Republic of Lithuania.
Search via ReFindit
HM Government. (2015). National Security Strategy and Strategic Defence and Security Review 2015. London: HM Government. Retrieved from https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/478933/52309_Cm_9161_NSS_SD_Review_web_only.pdf
Search via ReFindit
HM Government. (2016). National Cyber Security Strategy 2016-2021. London: HM Government. Retrieved from https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/567242/national_cyber_security_strategy_2016.pdf
Search via ReFindit
Homeland Security. (2013). NIPP 2013 Partnering for Critical Infrastructure Security and Resilience. Washington DC: Homeland Security. Retrieved from https://www.cisa.gov/publication/nipp-2013-partnering-critical-infrastructure-security-and-resilience
Search via ReFindit
Homeland Security. (2013). Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach. Washington DC: Homeland Security. Retrieved from https://www.cisa.gov/publication/nipp-2013-ci-risk-management-approach
Search via ReFindit
Homeland Security. (2013). Supplemental Tool: Incorporating Resilience into Critical Infrastructure Projects. Washington DC: Homeland Security. Retrieved from https://www.cisa.gov/publication/nipp-2013-resilience-ci-projects
Search via ReFindit
Homeland Security. (2013). Supplemental Tool: NPPD Resources to Support Vulnerability Assessments. Washington DC: Homeland Security. Retrieved from https://www.cisa.gov/publication/nipp-2013-resilience-ci-projects
Search via ReFindit
Homeland Security. (2015). Energy Sector-Specific Plan. Washington DC: Homeland Security. Retrieved from https://www.cisa.gov/publication/nipp-ssp-energy-2015
Search via ReFindit
Homeland Security. (2016). Critical Infrastructure Threat Information Sharing Framework. Washington DC: Homeland Security. Retrieved from https://www.cisa.gov/publication/ci-threat-info-sharing-framework
Search via ReFindit
Information System Authority. (2020, January 24). CERT-EE. Retrieved from Information System Authority: https://ria.ee/en/cyber-security/cert-ee.html
Search via ReFindit
ITU. (2019). Global Cybersecurity Index (GCI) 2018. Geneva: ITU. Retrieved from https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2018-PDF-E.pdf
Search via ReFindit
Izycki E., C. R. (2019). Protection of critical infrastructure in national cyber security strategies. Coimbra: European Conference on Cyber Warfare and Security. Retrieved from https://www.researchgate.net/publication/335760609_Protection_of_critical_infrastructure_in_national_cyber_security_strategies
Search via ReFindit
Joint Committee on the National Security Strategy. (2018). Cyber Security of the UK’s Critical National Infrastructure: Third Report of Session 2017–19. London: House of Lords & House of Commons. Retrieved from https://publications.parliament.uk/pa/jt201719/jtselect/jtnatsec/1708/1708.pdf
Search via ReFindit
Joint Committee on the National Security Strategy. (2018). Cyber Security Skills and the UK’s Critical National Infrastructure: Second Report of Session 2017–19. London: House of Lords & House of Commons. Retrieved from https://publications.parliament.uk/pa/jt201719/jtselect/jtnatsec/706/706.pdf
Search via ReFindit
Limba, T., Plėta, T., Agafonov, K., & Damkus, M. (2017). Cyber security management model for critical infrastructure. Entrepreneurship and Sustainability Issues, 4(4), 559-573. https://doi.org/10.9770/jesi.2017.5.2(15)
Search via ReFindit
National Cyber Security Centre. (2020). National Cyber Security Centre. Retrieved from National Cyber Security Centre: https://www.nksc.lt/en/
Search via ReFindit
National Cyber Security Centre. (2020). What we do . Retrieved from National Cyber Security Centre: https://www.ncsc.gov.uk/section/about-ncsc/what-we-do
Search via ReFindit
NATO Energy Security Center of Excellence. (2020). About. Retrieved from NATO Energy Security Center of Excellence: https://enseccoe.org/en/about/6
Search via ReFindit
NIST. (2018). Framework for Improving Critical Infrastructure Cybersecurity. Washington: National Institute of Standards and Technology. doi: https://doi.org/10.6028/NIST.CSWP.04162018
Search via ReFindit
Republic of Estonia. (2018). Cybersecurity Act. Tallinn: Republic of Estonia. Retrieved from https://www.riigiteataja.ee/en/eli/523052018003/consolide
Search via ReFindit
Republic of Estonia. (2018). Cybersecurity Strategy 2019-2022. Tallinn: Republic of Estonia. Retrieved from https://www.mkm.ee/sites/default/files/kyberturvalisuse_strateegia_2022_eng.pdf
Search via ReFindit
Republic of Estonia. (2018). Requirements for risk analysis of network and information systems and description of security measures. Tallinn. Retrieved from https://www.ria.ee/en/cyber-security/critical-information-infrastructure-protection-ciip.html
Search via ReFindit
Secretariat-General for National Defence and Security. (2017). The Critical Infrastructure protection in France. Paris: Government of France. Retrieved from http://www.sgdsn.gouv.fr/uploads/2017/03/plaquette-saiv-anglais.pdf
Search via ReFindit
Technical Committee ISO/IEC JTC 1. (2013). Information technology - Security techniques - Code if practice for information security controls. Switzerland: ISO/IEC. Retrieved from https://www.iso.org/standard/62726.html
Search via ReFindit
US Department of Energy. (2015). Energy Sector Cybersecurity Framework Implementation Guidance. Washington DC: US Department of Energy. Retrieved from https://www.energy.gov/sites/prod/files/2015/01/f19/Energy%20Sector%20Cybersecurity%20Framework%20Implementation%20Guidance_FINAL_01-05-15.pdf
Search via ReFindit
RSS 1.0