A view of trust and information system security under the perspective of critical infrastructure protection

Although trust is recognized as important in security issues of computer networking environments, few studies on information systems deal with both trust and security, and those existing tend to remain within the short perimeter of two-agent interactions. We propose to rethink trust research on information system security by considering the holistic approach of critical infrastructure protection (CIP). After introducing the problem, we give the definitions that are necessary for a common understanding of the concepts of critical infrastructures and trust. Some works on critical infrastructure protection involving information systems are then described briefly. Finally, we present our transdisciplinary view of trust research on information system security under the perspective of CIP.

[1]  Meikang Qiu,et al.  Impact of Cyber-Attacks on Critical Infrastructure , 2016, 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS).

[2]  Traci B Warrington,et al.  BUILDING TRUST TO DEVELOP COMPETITIVE ADVANTAGE IN E‐BUSINESS RELATIONSHIPS , 2000 .

[3]  Christopher A. Pohl,et al.  Methodological challenges of transdisciplinary research , 2008 .

[4]  Guy Andre Boy,et al.  Dealing with the Unexpected in Our Complex Socio-Technical World , 2013, IFAC HMS.

[5]  Xin Li,et al.  Why do we trust new technology? A study of initial trust formation with organizational information systems , 2008, J. Strateg. Inf. Syst..

[6]  E. Luiijf,et al.  Governing Critical ICT: Elements that Require Attention , 2015, European Journal of Risk Regulation.

[7]  N. L. Chervany,et al.  Reflections on an initial trust-building model , 2006 .

[8]  Terje Aven,et al.  On Some Recent Definitions and Analysis Frameworks for Risk, Vulnerability, and Resilience , 2011, Risk analysis : an official publication of the Society for Risk Analysis.

[9]  D. H. Mills The Logic and Limits of Trust , 1983 .

[10]  John Han Numan Knowledge-based systems as companions , 1998 .

[11]  Franck Guarnieri,et al.  Resilience activation in extreme situations: a literature review , 2016 .

[12]  Damien Serre,et al.  Adding value to critical infrastructure research and disaster risk management: the resilience concept , 2013 .

[13]  Michael Gibbons,et al.  The Potential of Transdisciplinarity , 2001 .

[14]  Edward M. Roche,et al.  Critical Foundations: Protecting America's Infrastructures , 1998 .

[15]  Hisashi Yasunaga,et al.  Information and Knowledge , 2008 .

[16]  R. Scholz,et al.  Transdisciplinarity : joint problem solving among science, technology, and society : an effective way for managing complexity , 2001 .

[17]  Daniel Thürer,et al.  NET-CENTRIC WARFARE AND ITS IMPACT ON SYSTEM-OF-SYSTEMS , 2005 .

[18]  Jérôme Euzenat,et al.  Ten Challenges for Ontology Matching , 2008, OTM Conferences.

[19]  Mathieu d'Aquin,et al.  Modularizing Ontologies , 2012, Ontology Engineering in a Networked World.

[20]  Ö. Özer,et al.  Trust and Trustworthiness , 2017, The Handbook of Behavioral Operations.

[21]  E. Uslaner The Moral Foundations of Trust , 2002 .

[22]  Fabio Bisogni,et al.  Assessing the Economic Loss and Social Impact of Information System Breakdowns , 2010, Critical Infrastructure Protection.

[23]  S. S. Chopra,et al.  Interconnectedness and interdependencies of critical infrastructures in the US economy: Implications for resilience , 2015 .

[24]  Supriya Chinthavali,et al.  Reliable communication models in interdependent critical infrastructure networks , 2016, 2016 Resilience Week (RWS).

[25]  Masooda Bashir,et al.  Trust in Automation , 2015, Hum. Factors.

[26]  J. Galland,et al.  Critique de la notion d'infrastructure critique , 2010 .

[27]  Thomas R. Gruber,et al.  Toward principles for the design of ontologies used for knowledge sharing? , 1995, Int. J. Hum. Comput. Stud..

[28]  H.A.M. Luiijf,et al.  International Policy Framework for Protecting Critical Information Infrastructure: A Discussion Paper Outlining Key Policy Issues , 2005 .

[29]  N. Luhmann Familiarity, Confidence, Trust: Problems and Alternatives , 2000 .

[30]  G. Manimaran,et al.  Cybersecurity for Critical Infrastructures: Attack and Defense Modeling , 2010, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[31]  P. Lamsal Understanding Trust and Security , 2001 .

[32]  Jessie Y. C. Chen,et al.  A Meta-Analysis of Factors Affecting Trust in Human-Robot Interaction , 2011, Hum. Factors.

[33]  France Bélanger,et al.  The utilization of e‐government services: citizen trust, innovation and acceptance factors * , 2005, Inf. Syst. J..

[34]  Gayatri Swamynathan,et al.  Decoupling Service and Feedback Trust in a Peer-to-Peer Reputation System , 2005, ISPA Workshops.

[35]  N. Truong,et al.  A Reputation and Knowledge Based Trust Service Platform for Trustworthy Social Internet of Things , 2016 .

[36]  Comment maintenir des relations de confiance et construire du sens face à une crise , 2015 .

[37]  J. L. Coze De l'investigation d'accident à l'évaluation de la sécurité industrielle : proposition d'un cadre interdisciplinaire (concepts, méthode, modèle) , 2011 .

[38]  Roderick M. Kramer,et al.  Trust and distrust in organizations: emerging perspectives, enduring questions. , 1999, Annual review of psychology.

[39]  Enrico Zio,et al.  Critical Infrastructures Vulnerability and Risk Analysis , 2016 .

[40]  Enrico Zio,et al.  Reliability engineering: Old problems and new challenges , 2009, Reliab. Eng. Syst. Saf..

[41]  Raymond R. Tan,et al.  State of the Art in Risk Analysis of Workforce Criticality Influencing Disaster Preparedness for Interdependent Systems , 2014, Risk analysis : an official publication of the Society for Risk Analysis.

[42]  Bilge Karabacak,et al.  A vulnerability-driven cyber security maturity model for measuring national critical infrastructure protection preparedness , 2016, Int. J. Crit. Infrastructure Prot..

[43]  Cumberland Emergency,et al.  Framework for Improving Critical Infrastructure Cybersecurity News From Down Under , 2014 .

[44]  Enrico Zio,et al.  Vulnerable Systems , 2011 .

[45]  Michael Uschold,et al.  Ontologies: principles, methods and applications , 1996, The Knowledge Engineering Review.

[46]  J. H. Davis,et al.  An Integrative Model of Organizational Trust: Past, Present, and Future , 2007 .

[47]  R. Lewicki,et al.  Trust And Distrust: New Relationships and Realities , 1998 .

[48]  John Han Numan Knowledge-based systems as companions : Trust, human computer interaction and complex systems , 1998 .

[49]  J. Lewis,et al.  Trust as a Social Reality , 1985 .

[50]  Alec Yasinsac,et al.  Help! Is There a Trustworthy-Systems Doctor in the House? , 2013, IEEE Security & Privacy.

[51]  James L. Szalma,et al.  A Meta-Analysis of Factors Influencing the Development of Trust in Automation , 2016, Hum. Factors.

[52]  J. Lewis,et al.  The Social Dynamics of Trust: Theoretical and Empirical Research, 1985–2012 , 2012 .

[53]  Karl Aberer,et al.  Managing trust in a peer-2-peer information system , 2001, CIKM '01.

[54]  B.M. Hammerli C(I)IP task description and a proposal for a substitute of national C(I)IP policies , 2005, First IEEE International Workshop on Critical Infrastructure Protection (IWCIP'05).

[55]  S. Shankar Sastry,et al.  A Taxonomy of Cyber Attacks on SCADA Systems , 2011, 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing.

[56]  Göran N Ericsson,et al.  Cyber Security and Power System Communication—Essential Parts of a Smart Grid Infrastructure , 2010, IEEE Transactions on Power Delivery.

[57]  Jean Pierre Lévy Mangín,et al.  The Moderating Role of Risk, Security and Trust Applied to theTAM Model in The Offer of Banking Financial Services in Canada , 2014 .

[58]  Georg Disterer,et al.  ISO/IEC 27000, 27001 and 27002 for Information Security Management , 2013 .

[59]  Adrian V. Gheorghe Critical Infrastructures at Risk: Securing the European Electric Power System , 2006 .

[60]  Patrick G. McKeown,et al.  Information Systems: Creating Business Value , 2006 .

[61]  Stephen D. Wolthusen,et al.  Critical Infrastructure Protection , 2012, Lecture Notes in Computer Science.

[62]  Matthew Henry,et al.  Risk Analysis in Interdependent Infrastructures , 2007, Critical Infrastructure Protection.

[63]  Daniel Zappala,et al.  A case study of a systematic attack design method for critical infrastructure cyber-physical systems , 2016, 2016 American Control Conference (ACC).

[64]  Jon M. Werner,et al.  Managers as Initiators of Trust: An Exchange Relationship Framework for Understanding Managerial Trustworthy Behavior , 1998 .

[65]  Michele J. Gelfand,et al.  Trust after violations: Are collectivists more or less forgiving? , 2015 .

[66]  Margot Weijnen,et al.  Infrastructures at Risk , 2006 .

[67]  Roland Rieke Tool based formal Modelling, Analysis and Visualisation of Enterprise Network Vulnerabilities utilising Attack Graph Exploration , 2004 .

[68]  Panayiotis Kotzanikolaou,et al.  Time-based critical infrastructure dependency analysis for large-scale and cross-sectoral failures , 2016, Int. J. Crit. Infrastructure Prot..

[69]  Wilhelm Hasselbring,et al.  Toward trustworthy software systems , 2006, Computer.

[70]  Sherali Zeadally,et al.  Critical infrastructure protection: Requirements and challenges for the 21st century , 2015, Int. J. Crit. Infrastructure Prot..

[71]  Jason Bennett Thatcher,et al.  Trust in a specific technology: An investigation of its components and measures , 2011, TMIS.

[72]  Dawn M. Cappelli,et al.  Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors , 2005 .

[73]  Donald Firesmith,et al.  Common Concepts Underlying Safety, Security, and Survivability Engineering , 2003 .

[74]  J. H. Davis,et al.  An Integrative Model Of Organizational Trust , 1995 .

[75]  Bernd Blobel,et al.  Trust-based information system architecture for personal wellness , 2014, MIE.

[76]  Bonnie M. Muir,et al.  Trust in automation. I: Theoretical issues in the study of trust and human intervention in automated systems , 1994 .

[77]  Jose J. Gonzalez,et al.  A Framework for Conceptualizing Social Engineering Attacks , 2006, CRITIS.

[78]  Igor Nai Fovino,et al.  Approach to security assessment of critical infrastructures' information systems , 2011, IET Inf. Secur..

[79]  Yacov Y Haimes,et al.  On the Definition of Resilience in Systems , 2009, Risk analysis : an official publication of the Society for Risk Analysis.

[80]  R. Lewicki,et al.  Developing and Maintaining Trust in Work Relationships , 1996 .

[81]  Dale C. Rowe,et al.  A survey SCADA of and critical infrastructure incidents , 2012, RIIT '12.

[82]  James P. Peerenboom,et al.  Identifying, understanding, and analyzing critical infrastructure interdependencies , 2001 .

[83]  M. Deutsch Trust and suspicion , 1958 .

[84]  Bonnie M. Muir,et al.  Trust Between Humans and Machines, and the Design of Decision Aids , 1987, Int. J. Man Mach. Stud..

[85]  P. Rosenfield,et al.  The potential of transdisciplinary research for sustaining and extending linkages between the health and social sciences. , 1992, Social science & medicine.

[86]  Rino Falcone,et al.  Trust is much more than subjective probability: mental components and sources of trust , 2000, Proceedings of the 33rd Annual Hawaii International Conference on System Sciences.

[87]  Joshua Fogel,et al.  Internet social network communities: Risk taking, trust, and privacy concerns , 2009, Comput. Hum. Behav..

[88]  Deanne N. Den Hartog,et al.  Measuring trust inside organisations , 2006 .

[89]  G. Heimeriks,et al.  Disciplinary, Multidisciplinary, Interdisciplinary: Concepts and Indicators. , 2001 .

[90]  B. Misztal Trust in Modern Societies: The Search for the Bases of Social Order , 1996 .

[91]  H H Schmitz,et al.  Information Management Systems , 2017, Encyclopedia of GIS.

[92]  Myriam Dunn,et al.  The socio-political dimensions of critical information infrastructure protection (CIIP) , 2005, Int. J. Crit. Infrastructures.

[93]  John D. Moteff,et al.  Critical Infrastructure and Key Assets: Definition and Identification , 2004 .

[94]  Patrick I. Offor Managing Risk in Secure System: Antecedents to System Engineers' Trust Assumptions Decisions , 2013, 2013 International Conference on Social Computing.

[95]  Norman L. Chervany,et al.  Trust and Distrust Definitions: One Bite at a Time , 2000, Trust in Cyber-societies.

[96]  Felipe Souza Pinheiro,et al.  INFORMATION SECURITY AND ISO 27001 , 2015 .