Received:
2022-01-15 | Accepted:
2022-03-10 | Published:
2022-03-30
Title
Analysis of the critical infrastructure cyber security policy
Abstract
Critical infrastructures are complex operating environments that often require special protection and security. A successful security strategy design should adhere to the principles of durability, integrity, and regularity. In the European Union, there is a strong interest in the security of critical infrastructures, especially those with interdependence. Given the fact that critical infrastructures play an essential role in a country's economy, it makes them even more vulnerable. The main aim of this article is to analyze the critical infrastructures' cyber security policy. The creation of a security strategy requires identification of the needs for equipment, mode of operation, and required security level. It has to establish rules for precise operation and handling of situations. The article tackles the issues of security strategy for critical infrastructures to protect sensitive areas and sectors. In addition, a cybersecurity policy as a countermeasure is discussed.
Keywords
industry, control systems, security, privacy, attack, management, energy
JEL classifications
O38
URI
http://jssidoi.org/ird/article/89
DOI
HAL
Pages
26-39
Funding
This is an open access issue and all published articles are licensed under a
Creative Commons Attribution 4.0 International License
References
Abdulrahaman, O. O., Mohd, W. M., Raja, M. L. 2018. Smart grids security challenges: Classification by sources of threats. Journal of Electrical Systems and Information Technology, 5(3), 468-483. https://doi.org/10.1016/j.jesit.2018.01.001
Search via ReFindit
Atkins, S., Lawson, Ch, 2020. An Improvised Patchwork: Success and Failure in Cybersecurity Policy for Critical Infrastructure, PAR, https://doi.org/10.1111/puar.13322
Search via ReFindit
Baig, Z., Zeadally, S. 2019. Cyber-Security Risk Assessment Framework for Critical Infrastructures. Intelligent Automation and Soft Computing, 25(1), 121-129.
Search via ReFindit
Bennett, B. T. 2018. Understanding, Assessing, and Responding to Terrorism: Protecting Critical Infrastructure and Personnel, the 2nd Edition. Wiley.
Search via ReFindit
Blokus, A., Dziula, P. 2019. Safety Analysis of Interdependent Critical Infrastructure Networks. Transnav-International Journal on Marine Navigation and Safety of Sea Transportation, 13(4), 781-787. http://doi.org/10.12716/1001.13.04.10
Search via ReFindit
Brucherseifer, E., Winter, H., Mentges, A., Muhlhauser, M., Hellmann, M. 2021. Digital Twin conceptual framework for improving critical infrastructure resilience. at-Automatisierungstechnik, 69(12), 1062-1080. http://doi.org/10.1515/auto-2021-0104
Search via ReFindit
Bruzgiene, R., Jurgilas, K. 2021. Securing Remote Access to Information Systems of Critical Infrastructure Using Two-Factor Authentication. Electronics, 10(15), Article Number 1819 http://doi.org/10.3390/electronics10151819
Search via ReFindit
Cernan, M., Muller, Z., Tlusty, J., Halaska, J. 2020. Critical Infrastructure and the Possibility of Increasing its Resilience in the Context of the Energy Sector. In Ed. (Muller, Z., Muller, M.) 21ST INTERNATIONAL SCIENTIFIC CONFERENCE ON ELECTRIC POWER ENGINEERING (EPE). Book Series International Scientific Conference on Electric Power Engineering, 505-509.
Search via ReFindit
Cifranic, N., Hallman, R.A., Romero-Mariona, J., Souza, B., Calton, T., Coca, G. 2020. Decepti-SCADA: A cyber deception framework for active defense of networked critical infrastructures. Internet of Things, 12 Article Number 100320 http://doi.org/10.1016/j.iot.2020.100320
Search via ReFindit
Coole, M., Corkill, J., Woodward, A. 2012. Defence-in-depth, protection in depth and security in-depth: A comparative analysis towards a common usage language. SRI Security Research Institute, Perth, Western Australia: Edith Cowan University.
Search via ReFindit
Dawson, M., Bacius, R., Vassilakos, A. 2021. Understanding the Challenge of Cybersecurity in Critical Infrastructure Sectors. Land Forces Academy Review, XXVI, 1(101), https://doi.org/10.2478/raft-2021-0011
Search via ReFindit
Djenna, A., Harous, S., Saidouni, D.E. 2021. Internet of Things Meet Internet of Threats: New Concern Cyber Security Issues of Critical Cyber Infrastructure. Applied Sciences-Basel, 11(10), Article Number 4580 http://doi.org/10.3390/app11104580
Search via ReFindit
Dong, S.J., Malecha, M., Farahmand, H., Mostafavi, A., Berke, P.R., Woodruff, S.C. 2021. Integrated infrastructure-plan analysis for resilience enhancement of post-hazards access to critical facilities. Cities, 117 Article Number 103318 http://doi.org/10.1016/j.cities.2021.103318
Search via ReFindit
Electric Reliability Corporation. Retrieved from www.nerc.com/pa/comp/Reliability Standard Audits Worksheets DL/RSAW CIP-008-5_2015_v1.docx
Search via ReFindit
Faizan, A. R., Dominic, P.D.D., Kashif, A. 2020. Organizational Governance, Social Bonds and Information Security Policy Compliance: A Perspective towards Oil and Gas Employees, Sustainability, 12(20), 8576 https://doi.org/10.3390/su12208576
Search via ReFindit
Gabrijelcic, D., Caleta, D., Zahariadis, T., Santori, F., Desantis, C., & Gasparini, T. (2020). 13. Part III: Securing Critical Infrastructures of the Energy Sector: Security Challenges for the Critical Infrastructures of the Energy Sector. Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures. https://doi.org/10.1561/9781680836875.ch13
Search via ReFindit
IEEE Standards. 2013. IEEE Cyber Security for the Smart Grid. New York: IEEE Standards. Retrieved from https://ieeexplore.ieee.org/abstract/document/6613505?casa_token=wMK-pzZ6EdwAAAAA:4c4nRqlxSrEEYXLRsUo56fNrE1A_iCQotwioes8cBpp4_GHUmbSvd8FTwjKJaQXODRpQWVQ
Search via ReFindit
ISACA. 2018. COBIT® 2019 Framework: Governance and Management Objectives. ISACA. Retrieved from https://www.isaca.org/bookstore/bookstore-cobit_19-digital/wcb19igio
Search via ReFindit
Kovacevic, A., Putnik, N., Toskovic, O. 2020. Factors Related to Cyber Security Behavior. Ieee Access, 8, 125140-125148 http://doi.org/10.1109/ACCESS.2020.3007867
Search via ReFindit
Krutz, R. L. 2016. Industrial Automation and Control System Security Principles. International Society of Automation; 2nd edition.
Search via ReFindit
Li, J. H. 2020. Overview of Cyber Security Threats and Defense Technologies for Energy Critical Infrastructure. Journal of Electronics & Information Technology, 42(9), 2065-2081. http://doi.org/10.11999/JEIT191055
Search via ReFindit
Limba, T., Plėta, T., Agafonov, K., & Damkus, M. 2017. Cyber security management model for critical infrastructure. Entrepreneurship and Sustainability Issues, 4(4), 559-573. http://dx.doi.org/10.9770/jesi.2017.4.4(12)
Search via ReFindit
Lin, J., Tai, K., Kong, R.T.L., Soon, S.M. 2019. Modelling critical infrastructure network interdependencies and failure. International Journal of Critical Infrastructures, 15(1), 1-23
Search via ReFindit
Loiko, V., Khrapkina, V., Maliar, S., Rudenko, M. 2020. Economic and Legal Principles for Protecting Critical Infrastructure Protection. Financial and Credit Activity-Problems of Theory and Practice, 4(35), 426-437.
Search via ReFindit
NERC. 2019. Cyber Security – Incident Reporting and Response Planning: Implementation Guidance for CIP-008-6. North American
Search via ReFindit
NIST. 2014. Guidelines for Smart Grid Cybersecurity. Washington: NIST. http://dx.doi.org/10.6028/NIST.IR.7628r1
Search via ReFindit
NIST. 2018. Framework for Improving Critical Infrastructure Cybersecurity. Washington: National Institute of Standards and Technology. https://doi.org/10.6028/NIST.CSWP.04162018
Search via ReFindit
Plėta, T., Tvaronavičienė, M., & Casa, S. D. (2020). Cyber effect and security management aspects in critical energy infrastructures. Insights into Regional Development, 2(2), 538-548. https://doi.org/10.9770/IRD.2020.2.2(3)
Search via ReFindit
Rod, B., Lange, D., Theocharidou, M., Pursiainen, C. 2020. From Risk Management to Resilience Management in Critical Infrastructure. Journal Of Management In Engineering, 36(4), Article Number 04020039 ME.1943-5479.0000795 http://doi.org/10.1061/(ASCE)
Search via ReFindit
Securelist by Kaspersky https://securelist.com/ddos-attacks-in-q3-2021/104796/
Search via ReFindit
Sonesson, T.R. Johansson, J., Cedergren, A. 2021. Governance and interdependencies of critical infrastructures: Exploring mechanisms for cross-sector resilience. Safety Science, 142 Article Number 105383 http://doi.org/10.1016/j.ssci.2021.105383
Search via ReFindit
Urlainis, A., Ornai, D., Levy, R., Vilnay, O., Shohet, I.M. 2022. Loss and damage assessment in critical infrastructures due to extreme events. Safety Science, 147. Article Number 105587 http://doi.org/10.1016/j.ssci.2021.105587
Search via ReFindit
Weiss, M., Biermann, F. 2021. Cyberspace and the protection of critical national infrastructure. Journal of Economic Policy Reform http://doi.org/10.1080/17487870.2021.1905530
Search via ReFindit
Wisniewsk, M. 2020. Methodology of situational management of critical infrastructure security. Foundations of Management, 12(1), 43-60. http://doi.org/10.2478/fman-2020-0004
Search via ReFindit
Yao, X.J. Wei, H.H., Shohet, I.M., Skibniewski, M.J. 2020. Assessment of Terrorism Risk to Critical Infrastructures: The Case of a Power-Supply Substation. Applied Sciences, 10(20), Article Number 7162 http://doi.org/10.3390/app10207162
Search via ReFindit