Abstract
Security threats to critical infrastructures are evolving and increasingly consist of a combination of physical and cyber-attacks. In practice, a common approach to characterise physical and cyber-attacks is lacking, which may cause security gaps. This article proposes a set of technical criteria to characterise attacks. It evaluates these criteria based on attack scenarios to assess their efficacy. This study is situated against the background of EU policy and regulation to highlight the regulatory relevance of the distinction between physical and cyber threats for critical infrastructure protection. The article concludes that, based on the currently applicable criteria, it is not technically possible to systematically distinguish cyber from physical attacks. This calls for a security management approach that acknowledges the convergence of physical and cyber threats. From a legal perspective, the authors conclude there is no harmonised guidance as to how physical and cyber threats may be addressed in protecting critical infrastructure. The multidisciplinary approach of this article aims to inform decision making in terms of security governance and management.