Cloud Computing Adoption in Critical Infrastructures-Status Quo and Elements of a Research Agenda

Critical infrastructures, as the backbone of societal life, become increasingly dependent on IT. Thus, in order to ensure security and resilience, they face strict IT legislations and requirements. However, due to efficiency benefits, such as cost savings and increased flexibility, critical infrastructures increasingly adopt innovative IT models like cloud computing. This is despite the fact that migrating processes or systems into a cloud involves major risks for sensitive IT landscapes, since the control over data and security measures is delegated to cloud providers. In order to identify the current status quo of cloud computing in critical infrastructures, we conduct a systematic literature review, an analysis of cloud-based outsourcings of German critical infrastructures and expert interviews. Our findings provide an overview and a research agenda of cloud usage in critical sectors, which are helpful for critical infrastructure and cloud providers alike in order to adopt or manage cloud solutions.

[1]  Oscar Manuel Diez Gonzalez,et al.  Reliability issues related to the usage of Cloud Computing in Critical Infrastructures , 2011 .

[2]  Richard Piggin,et al.  Are industrial control systems ready for the cloud? , 2015, Int. J. Crit. Infrastructure Prot..

[3]  Markus Tauber,et al.  Trustworthy evidence gathering mechanism for multilayer cloud compliance , 2013, 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013).

[4]  Marcus Scholler,et al.  Critical services in the cloud: Understanding security and resilience risks , 2014, 2014 6th International Workshop on Reliable Networks Design and Modeling (RNDM).

[5]  Robert Keller Analyse von Risikomanagementstrategien in Cloudnetzwerken – Was tun bei verknüpften, voneinander abhängigen Cloud Services? , 2016, HMD Praxis der Wirtschaftsinformatik.

[6]  Frank Pallas,et al.  An Architectural Model for Deploying Critical Infrastructure Services in the Cloud , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[7]  Ali Al-Dahoud,et al.  E-GOVERNMENT: BENEFITS, RISKS AND A PROPOSAL TO ASSESSMENT INCLUDING CLOUD COMPUTING AND CRITICAL INFRASTRUCTURE , 2013 .

[8]  Silia Maksuti,et al.  Impact of Critical Infrastructure Requirements on Service Migration Guidelines to the Cloud , 2015, 2015 3rd International Conference on Future Internet of Things and Cloud.

[9]  Frank Teuteberg,et al.  IT-Risikomanagement von Cloud-Dienstleistungen im Kontext des IT-Sicherheitsgesetzes , 2017, HMD Praxis der Wirtschaftsinformatik.

[10]  Franz Lehner,et al.  Cloud Computing Ecosystem Model: Refinement and Evaluation , 2016, ECIS.

[11]  Thar Baker,et al.  Security-oriented cloud computing platform for critical infrastructures , 2012, Comput. Law Secur. Rev..

[12]  Andreas Mauthe,et al.  Towards Continuous Cloud Service Assurance for Critical Infrastructure IT , 2014, 2014 International Conference on Future Internet of Things and Cloud.

[13]  Christian Jung,et al.  Security policy specification templates for critical infrastructure services in the cloud , 2014, The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014).

[14]  Jochen Gläser,et al.  Experteninterviews und qualitative Inhaltsanalyse , 2010 .

[15]  Madjid Merabti,et al.  Secure Cloud Computing for Critical Infrastructure: A Survey , 2012 .

[16]  Brett van Niekerk,et al.  Cloud-based security mechanisms for critical information infrastructure protection , 2013, 2013 International Conference on Adaptive Science and Technology.

[17]  M. A. C. Dekker Critical Cloud Computing. A CIIP perspective on cloud computing services , 2013 .

[18]  Christian Wagner,et al.  Categorization of Standards, Guidelines and Tools for Secure System Design for Critical Infrastructure IT in the Cloud , 2014, 2014 IEEE 6th International Conference on Cloud Computing Technology and Science.

[19]  James P. Peerenboom,et al.  Identifying, understanding, and analyzing critical infrastructure interdependencies , 2001 .

[20]  Qi Shi,et al.  Hosting critical infrastructure services in the cloud environment considerations , 2015, Int. J. Crit. Infrastructures.

[21]  Ulrich Lampe,et al.  On the Relevance of Security Risks for Cloud Adoption in the Financial Industry , 2013, AMCIS.

[22]  Christian Wagner,et al.  Sicherheit und rechtliche Herausforderungen in Bezug auf Cloud Computing und Kritische Infrastruktur-IT , 2014, Elektrotech. Informationstechnik.

[23]  Subhajyoti Bandyopadhyay,et al.  Cloud Computing - The Business Perspective , 2011, 2011 44th Hawaii International Conference on System Sciences.

[24]  Ivona Brandic,et al.  Security standards taxonomy for Cloud applications in Critical Infrastructure IT , 2013, 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013).

[25]  Ioannis M. Stephanakis,et al.  Security and Protection of Critical Infrastructures: A Conceptual and Regulatory Overview for Network and Information Security in the European Framework, also focusing upon the Cloud Perspective , 2015, EANN '15.

[26]  Björn Niehaves,et al.  Reconstructing the giant: On the importance of rigour in documenting the literature search process , 2009, ECIS.

[27]  David Hutchison,et al.  SECCRIT: Secure Cloud Computing for High Assurance Services , 2013, ERCIM News.