A Holistic Approach for Enhancing Critical Infrastructure Protection: Research Agenda

Critical infrastructure is an asset or a system that is essential for the maintenance of vital societal functions. The protection of such an infrastructure requires more than a technical understanding of the underlying issues; it also needs an understanding of the organizational aspects. Although there are several standards and guidelines for the protection of critical infrastructure, they are usually vague and do not offer practical solutions. In this paper, we describe a 'work in progress' holistic approach for enhancing critical infrastructure protection. First, we introduce the theoretical background of this study. Then, based on this theoretical foundation, we propose a holistic approach which takes into account both organizational and technical measures. In addition, we provide a synopsis of our research outcomes so far and our ongoing work towards enhancing critical infrastructure protection.
