A GIS-based framework for high-level climate change risk assessment of critical infrastructure

The paper includes a list of existing maturity models (cybersecurity maturity) and an analysis of the application of these models for assessing cybersecurity, the level, and maturity of cyber security, the maturity of systems and processes for ensuring cybersecurity in critical infrastructure sectors, in the national cybersecurity system, the development of indicators and indices of the state of security (network, information security, cybersecurity).The paper substantiates and proposes a hierarchy of models for assessing the maturity of cyber security in the national cyber security ecosystem (in the national cyber security system, critical infrastructure, particularly the fuel and energy sector). The investigation's main goal is to intensify the implementation of existing assessment models using multi-level cyber security assessment models (cybersecurity maturity), accumulating statistical data on cyber incidents, cyber-attacks, and countermeasures for further use in predictive analysis and modeling.The tasks of the research are the analysis, comparative analysis of existing models for evaluating the maturity of cyber security, formulation of evaluation models using indicators of cyber security and maturity of cyber security defined by existing normative documents, as well as in the construction of a hierarchy of models for evaluating cyber security in the national system of cyber security, critical infrastructure, fuel and energy sector, development of methodological bases for assessment using cyber security indices. A draft of the methodology for assessing the cyber security of electrical networks, suitable for use in critical infrastructure, has been developed.

Manhole intrusion detection system with notification stages

Introduction to <i>Climate Change Adaptation in New York City: Building a Risk Management Response</i>

As the number of threats and the severity of their impact increases, an ever greater emphasis is being placed on the protection of critical infrastructure. Thus, the issue of resilience, or its assessment and strengthening, is increasingly coming to the fore. The resilience assessment of critical infrastructure, especially in the energy sector, has received considerable attention due to the high level of interest in this issue. However, the issue of strengthening resilience poses a significant challenge not only in the energy sector but also in the entire critical infrastructure system. Despite the great importance of this area, there is not a large number of authors moving in this direction and paying attention to resilience-strengthening tools. For this reason, the aim of this article is to provide the reader with a comprehensive methodological overview of resilience strengthening in the critical energy infrastructure sector. This article also provides an overview of internal and external tools suitable for strengthening resilience and presents a possible procedure for their application to energy critical infrastructure elements.

Cities are at the forefront of the battle against climate change. We are the source of approximately 80% of global greenhouse gas emissions. And as the climate changes, densely populated urban areas—particularly coastal cities—–will disproportionately feel the impacts. Those of us in local government recognize the importance of national and international leadership on climate change. But we are not waiting for others to act first. Under PlaNYC, New York City's comprehensive sustainability plan, most of our efforts have focused on reducing our greenhouse gas emissions. Initiatives including the Greener, Greater Buildings Plan, which will increase energy efficiency of existing buildings, and retrofitting ferries to use cleaner fuel, will help us meet our goal of reducing the city's emissions by 30% by 2030. These actions alone, however, will not stop climate change. We already face climate risks today, including heat waves, blackouts, flooding, and coastal storms. With climate change these risks will only increase. To ensure that New York City is resilient to existing and future climate risks, we must take further action. Through a generous contribution from the Rockefeller Foundation, I convened the New York City Panel on Climate Change (NPCC), which gathered the leading climate change scientists, academics, and insurance, risk management and legal experts. These experts helped develop a framework and tools to assist the City create a risk-based response to climate change that is grounded in state-of-the-art science information. In February 2009, the NPCC released the most detailed climate risk information for any major city in the world; this volume of the Annals of the New York Academy of Sciences presents the NPCC's full findings. The NPCC climate change projections put numbers to what we already know: climate change is real and could have serious consequences for New York if we do not take action. I appreciate the hard work of the members of the New York City Panel on Climate Change. Through PlaNYC, the City will build on their work as we craft strategies to improve the city's resilience to climate. Building climate resilience can take many forms, including increasing our understanding of climate risks and vulnerabilities, hardening facilities and assets to prevent impacts, educating vulnerable populations about risks, and ensuring that we can quickly resume operations after weather events occur. In the coming months, the New York City Climate Change Adaptation Task Force, another PlaNYC initiative, will release a plan detailing how Task Force members will prepare the city's critical infrastructure for warmer temperatures, changing precipitation patterns, and rising sea levels. Planning for climate change today is less expensive than rebuilding an entire network after a catastrophe. We simply can't wait to plan for the effects of climate change. The NPCC and Rockefeller Foundation's contributions to the City's climate resilience efforts will help ensure that we create a greener, greater New York for future generations. In 2008, Mayor Bloomberg established the New York City Panel on Climate Change (NPCC), with the mandate to provide New York City with the most up-to-date and comprehensive scientific, technical, and socioeconomic information about climate change and its impacts on the city and environs. Climate Change Adaptation in New York City: Building a Risk Management Response is the first report of the NPCC. The report will help New York City develop, adopt, and implement policies to adapt the city's critical infrastructure to the changing climate. This NPCC report outlines a powerful and novel framework for deploying sophisticated tools of risk management to address the city's climate adaptation challenges, and details with rigor and insight the critical challenges that climate change poses to New York City's energy, transportation, water, and communications systems. The report also presents a coordinated set of climate projections prepared by the NPCC to be used by the many public agencies and private-sector organizations that manage critical infrastructure in the region as they develop adaptation strategies, and it describes how legal and regulatory tools can support adaptation policies. The challenges facing the insurance industry and the use of insurance to reduce climate risks are also described at length. A final section sets forth the indicators and monitoring activities needed to inform Flexible Adaptation Pathways as the City and region move forward. The NPCC report is the product of the committed scientists and experts in the New York City region who served as authors, led by Co-chairs Cynthia Rosenzweig and William Solecki. The dedicated Science and Policy Team at the Columbia Earth Institute and the CUNY Institute for Sustainable Cities organized the process that has resulted in the production of this landmark report. It is becoming recognized throughout the world that cities have a crucial role to play in responding to climate change. The NPCC 2010 Report puts climate change adaptation in New York City in the broader national and international contexts and helps establish New York City as a thought and policy leader in this urgent endeavor. Climate Change Adaptation in New York City will be widely read around the world, both for its specific insights and also as a roadmap for other cities in preparing plans for climate change adaptation. The work of the NPCC is a pioneering activity for which all New Yorkers, and all others around the world who will benefit, should be most grateful. The Rockefeller Foundation also merits our gratitude for the generous support it has provided to this endeavor. Climate change will have a profound impact on New York City and its residents as it alters environmental baselines on which the urban infrastructure was built. Despite this, both the City and its stakeholders have a wide range of tools and resources with which to respond to the problem. Key insights in the following report derive from the highly integrated connections between science and public policy as they relate to climate change. The New York City Panel on Climate Change, for example, comprises a number of scientists and other technical experts capable of considering the issues at hand with a view to understanding the potential impacts of climate change and options for adaptation. The City University of New York is well placed to contribute to the multifaceted complex questions of climate change and how the city will be affected. This requires a multidisciplinary approach that can draw from the deep resources of the colleges that make up our institution. In addition, the New York City Panel on Climate Change had ongoing, continuous, and fruitful communication with the Mayor's Office of Long Term Planning and Sustainability, and the New York City Climate Change Adaptation Task Force. The collaborations brought forward in this document embody the culmination of a first step in a science–policy linkage that will be required to effectively address climate change in New York City. In addition, these collaborations show how great universities in a great city can link together to make a positive difference in the lives of its citizens.

A novel framework for risk assessment and resilience of critical infrastructure towards climate change

Bangladesh aims to become a high-income country by 2041, requiring investment in critical infrastructure sectors. Disruptions in one sector can affect others, so prioritizing actions for key sectors is essential when resources are limited. Since no country has endless resources, the current strategy is to focus on developing infrastructure in order of importance. This means that the most critical infrastructure is given priority when allocating resources. The aim of this study was to identify the critical infrastructure sectors and their interdependencies in Bangladesh. While the science of critical infrastructure protection and resilience is well-developed in high-income and developed economies, this research sheds light on identifying critical infrastructure in developing nations like Bangladesh. To identify the critical infrastructure sectors, a comprehensive literature survey was conducted, which was verified and validated by country experts. Policymakers, practitioners, and researchers were consulted through key informant interviews (KII). Interpretive structural modeling (ISM) was applied to determine the interdependencies among identified sectors. Furthermore, cross-impact matrix multiplication applied to classification (MICMAC) analysis was applied to categorize the identified sectors based on driving power and dependence of sectors. The study found that 14 sectors—energy, information and communication technology (ICT), media and culture, law enforcement, transportation, among others—need extra protection measures. It also identified infrastructures with driving power and dependencies in the country’s context. Additionally, this article offers recommendations for improving policy and institutional actions to enhance the resilience of critical infrastructure in the country.

The cybersecurity of critical infrastructures is an essential topic within national and international security as 16 critical infrastructure sectors touch various aspects of American society. Because the failure to provide adequate cybersecurity controls within the critical infrastructure sectors renders the country open to an attack that could have a debilitating effect on security, national public health, safety, and economic security, this matter is so vital that there is the Presidential Policy Directive (PPD) 21 Critical Infrastructure Security and Resilience advances a national policy to strengthen and maintain secure, functioning and resilient critical infrastructure. An organization identified as the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS) has the mission to be the risk advisor for the United States (US). Other organizations, such as the National Security Agency (NSA), have approved a specific Knowledge Unit (KU) to address cybersecurity for critical infrastructures associated with doctoral-level granting programs. To address this challenge, it is necessary to identify threats better and defend against them while mitigating risks to an acceptable level. Only then can a nation build a more secure and resilient infrastructure for the future while defending against present-day bad actors as cyberwarfare, cyber espionage, and cybersecurity attacks are the modern-day threats that need to be addressed in planning, designing, implementation, and maintenance. Therefore, the researchers developed a case study reviewing threats against different sectors defined in the PPD.

By 2030, forecasts suggest that urban areas will house 60 percent of the world’s population and one in every three people will live in cities with at least half a million inhabitants. Within the same time frame, the number of global megacities is expected to jump from 33 today to 43 in 2030 [1]. Underpinning these large urban areas will be an interconnected network of critical physical infrastructures reliant on Internet-connected Industrial Control Systems and susceptible to increasingly sophisticated, e.g., AI-enabled, cyber threats. In hand, the cyber threat landscape is shifting rapidly. We are seeing a sharp rise in the number of cyberattacks on critical infrastructure [2] with significant impacts cascading across multiple sectors and causing disruption to the provisioning of essential goods and services. Security scholars suggest that these impacts are not always equitable and that disruption to critical infrastructure can affect vulnerable groups differently [3], which further emphasizes the need to improve cybersecurity between critical infrastructure sectors [4]. Through structured analysis of city statistics, demographic information, cyber incidents, and current cyber policy, our presentation will articulate potential social implications of megacity growth through the lens of cyber-physical infrastructure disruption. We investigate the largest 15 megacities in the world and find that megacities continue to grow in population but not in cyber policy. We highlight recent examples of cyber-physical disruption in Mumbai and New York City with focus on implications for vulnerable populations. Our work suggests the need for future research on social responsibility regarding security of these critical infrastructure sectors and on the need for technology-focused law, policy, and regulation guidelines.

A capabilities approach to the prioritization of critical infrastructure

Securing the Nation’s Critical Infrastructures: A Guide for the 2021–2025 Administration is intended to help the United States Executive administration, legislators, and critical infrastructure decision-makers prioritize cybersecurity, combat emerging threats, craft meaningful policy, embrace modernization, and critically evaluate nascent technologies. The book is divided into 18 chapters that are focused on the critical infrastructure sectors identified in the 2013 National Infrastructure Protection Plan (NIPP), election security, and the security of local and state government. Each chapter features viewpoints from an assortment of former government leaders, C-level executives, academics, and other cybersecurity thought leaders. Major cybersecurity incidents involving public sector systems occur with jarringly frequency; however, instead of rising in vigilant alarm against the threats posed to our vital systems, the nation has become desensitized and demoralized. This publication was developed to deconstruct the normalization of cybersecurity inadequacies in our critical infrastructures and to make the challenge of improving our national security posture less daunting and more manageable. To capture a holistic and comprehensive outlook on each critical infrastructure, each chapter includes a foreword that introduces the sector and perspective essays from one or more reputable thought-leaders in that space, on topics such as: The State of the Sector (challenges, threats, etc.) Emerging Areas for Innovation Recommendations for the Future (2021–2025) Cybersecurity Landscape ABOUT ICIT The Institute for Critical Infrastructure Technology (ICIT) is the nation’s leading 501(c)3 cybersecurity think tank providing objective, nonpartisan research, advisory, and education to legislative, commercial, and public-sector stakeholders. Its mission is to cultivate a cybersecurity renaissance that will improve the resiliency of our Nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders. ICIT programs, research, and initiatives support cybersecurity leaders and practitioners across all 16 critical infrastructure sectors and can be leveraged by anyone seeking to better understand cyber risk including policymakers, academia, and businesses of all sizes that are impacted by digital threats.

Much contemporary critical infrastructure research has been devoted to studies of the effects of risks stemming from interdependencies between critical infrastructures, here referred to asinterdependency-related risks. However, this research has placed limited emphasis on infrastructure actors’ efforts to manage such risks in practice, and it remains unclear to what extent and how critical infrastructure actors work to increase resilience related to interdependency-related risks. This paper explores mechanisms for addressing interdependency-related risks across three critical national infrastructure sectors in Sweden: transportation, energy and telecommunication. The paper combines a document study and an interview study, and nine mechanisms are identified: (1) Swedish critical infrastructures are subject to clear silo-structures, (2) dedicated individuals and personal relationships are central to existing cross-sector collaborations, (3) information-sharing occurs between sectors, including exchange of sensitive information, but is mainly based on trust or mutual information-needs, (4) while interdependencies are acknowledged, explicit and adequate methods and protocols for how to assess and manage interdependency-related risks seem to be scarce, (5) clear risk ownership, and a connection to physical interdependencies and the core business seems to influence the level of cross-sector engagement, (6) governance of interdependency-related risks is mostly reactive and heavily influenced by past events, (7) compliance have a potential for sparking collaboration, and finally, (8) customer demands in particular, and (9) economic factors in general, play an important role for incentivising cross-sector collaboration. Finally, the paper extensively discusses the implications of these findings and outlines the potential for future research directions to improve cross-sector resilience.

Personnel threats in the electric power critical infrastructure sector and their effect on dependent sectors: Overview in the Czech Republic

Cyber threats continue to escalate in complexity and frequency, underlining the need for effective Cyber Threat Intelligence (CTI) exchange to secure critical infrastructures across various sectors. However, the sharing of CTI is often impeded by concerns relating to security, trust, compliance, and coordination among stakeholders. Existing frameworks such as NIST’s Risk Management Framework (RMF) and ENISA’s CTI Maturity Model provide foundational guidance. Still, they are inadequate in fully addressing the sector-specific challenges realised by industries such as healthcare, energy, and maritime. This paper explores the need for a governance framework for CTI exchange by analysing existing literature, frameworks and use cases from critical sectors. The objective is to identify areas where governance is essential for ensuring secure, efficient, and compliant CTI exchange, with a particular focus on sector-specific challenges. The DYNAMO project, a European Union initiative, serves as a key case study for demonstrating how governance principles can be integrated into practical CTI exchange systems. The governance needs for CTI exchange are examined across six phases of the resilience cycle i.e. Prepare, Prevent, Protect, Respond, Recover, and Learn &amp; Adapt. This analysis highlights how a structured governance framework can enhance the effectiveness, security, and compliance of CTI exchange in critical infrastructure sectors. By aligning governance principles with each phase of the resilience cycle, the paper demonstrates how sector-specific challenges can be addressed through improved coordination, regulatory adherence, and continuous learning. The paper concludes that while existing frameworks provide a solid foundation, sector-specific governance models are needed to address the unique risks and regulatory requirements of critical infrastructures. As DYNAMO’s tools are piloted in healthcare, energy, and maritime sectors, future research will focus on validating the proposed governance model through real-world applications, ensuring that it is adaptable to evolving cyber threats and sectoral needs.

In the last years crisis management is dealing with many important problems. The current threats of countries, inhabitants, property and natural environment belongs to the most important issues. The extreme weather negative impacts and adverse consequences caused by accidents in technological processes and transport have become more and more frequent and intense events. In addition danger of extremism and terrorism, aimed at important object, is also expanding. In developed countries these objects are parts of critical infrastructure. Critical infrastructure sectors in different countries are not unified. In most of the countries the critical infrastructure includes information technologies, energy and transportation. In Slovakia the transportation sector consists of subsectors – road, water, aviation and railway transport. The railway transport is an important subsector of the critical infrastructure. Its importance is unquestionable especially in the field of mass transportation and transportation of bulk substrata. Traditional methods, which were used in the past, were based on experience. The actual possibilities of computer technique enable to explore the railway transport performance through expert information systems. They are based on detailed statistical research. The paper will present the results of the researchers of the Faculty of Special Engineering, University of Žilina focused on the selection and testing the suitable distribution for stochastic events in railway transport. Based on the extensive statistical research the authors demonstrate that the driving time of trains in line sections is more suitable to be considered as random variable with Erlang distribution. The mentioned theoretical findings were used in development of software tool ASTRA that simulates railway transport in emergency situations. Keywwords: Critical transport infrastructure, statistical research, risk management.