Critical Information Infrastructure Research Articles

An immune-inspired multi-agent system for improved critical information infrastructure protection

No abstract available

A Framework for Cybersecurity Strategy for Developing Countries: Case Study of Afghanistan

Given the importance of cyber space for country development, different countries have conducted a lot of investment in cyber space application. Since, based on official documents, Afghanistan is in the process of integrating ICT into its critical information infrastructure, to this end, the country may face various challenges including cyber security. Due to various potential threats and risks to Afghanistan cyber security, a comprehensive cyber security strategy is necessary. Accordingly, Afghanistan has introduced an ICT security law. However, nowadays day by day internet is involving great portion of government and non-government sections. The country must introduce a comprehensive and appropriate cyber security strategy to tackle all of the issues and risks related to this arena. The aim of this study is to propose cyber security strategy based on developed countries experiences in cyber security, specifically Malaysia, because Malaysia and Afghanistan are both Islamic countries with cultural and religious values. Furthermore, Malaysia is considered as a developed country in terms of cyber security. Therefore, in this study, based on literature review and official documents, the current status of ICT as well as cyber threats were identified in Afghanistan context. In addition, to evaluate the current status of cyber security strategy in Afghanistan and Malaysia, some experts were interviewed and accordingly based on their suggestions and Malaysian experience in cyber security, a strategy framework was proposed for Afghanistan to address the ever-growing cyber threats. Then, the proposed cyber security strategy framework was evaluated by interviewing three experts in the field. DOI: http:/dx.doi.org/1.17576/apjitm-2015-0401-01

Selection of Authentication Systems for Hungarian Health Care, Based on Physiological Study (Part II.)

The actuality of the topic indicated in the title comes from more and more events where the verification of identity might be required. Health-care is an important part of critical national infrastructures. A primary task of the protection of critical information infrastructures consists in the access control of data managed by IT system where the identity-authentication forms an important part. For this reason, the technologies considered suitable for use and their supporting means are listed. After examining and comparing the relevant parameters, the optimum solution for the authentication procedures in the Hungarian health care system is specified. First of all, the modern and efficient biometric identification processes are examined; however, the possession-based Radio Frequency Identification (RFID) as an additional system is also studied. Due to the well-known problems of passwords and chip cards. They were deliberately omitted during the system planning and efforts were made to exclude the human factors from the planned authentication system as much as possible.

Selection of Authentication Systems for Hungarian Health Care, Based on Physiological Study (Part I.)

The actuality of the topic indicated in the title comes from more and more events where the verification of identity might be required. Health-care is an important part of the critical national infrastructures. A primary task of the protection of critical information infrastructures consists in the access control of data managed by IT system where the identity-authentication forms an important part. For this reason, the technologies considered suitable for use and their supporting means are listed.After examining and comparing the relevant parameters, the optimum solution for the authentication procedures in the Hungarian health care system is specified. First of all, the modern and efficient biometric identification processes are examined; however, the possession-based Radio Frequency Identification (RFID), as an additional system, is also studied. Due to the well-known problems of passwords and chip cards, they were deliberately omitted during the system planning and efforts were made to exclude the human factors from the planned authentication system as much as possible.

Cybersecurity in Ukraine: Problems and Perspectives

The paper outlines the challenges and the main cyber threats (such as cybercrime, cyber terrorism, cyber war, vulnerability of the state’s information infrastructure, unsatisfactory level of information security) in the Ukrainian cyberspace. Further, a classification of the negative impact of cyberattacks on critical information infrastructure is offered. The authors present Ukraine’s cybersecurity strategy and policy, and describe the country’s cybersecurity system, legal and regulatory aspects, and related specifics of Ukraine’s educational system.

Do Managers Understand Importance of Securing IT Resources?

Information infrastructures and resources has become critical component of the modern business and non-business organizations. In turn this dependence makes these organizations vulnerable to any significant failure in their information infrastructures and resources. Literature is full of examples of the companies suffering major losses and even demise as a result of information infrastructure and resources failures. To mitigate this vulnerability the senior management and governance of the organizations needs to pay direct role and attention to protect their critical information infrastructures and resources. This paper provides some results of a study we conducted recently to determine how the senior management of Malaysian business organizations view and control the information infrastructure and resources in their organizations to mitigate vulnerabilities to this critical component of their business organization.

The requirements of the installation of the critical informational infrastructure and its management

The segments of the network can be paralysed by a series of chance events or a well-organized, targeted attack. If we know our system and lead a safety-conscious life we can avoid unpleasant events and system shutdowns. The Critical Information Infrastructures has become a complex network. Consequently the items of the system, their mutual effects and links and the map of the network have to be known properly. We have to realize that everything is linked with each other and the physical and logistical networks have mutual effects on each other as well. It is obvious that the problem of mapping the complexity is very important. One of the most important parts of the cognition is the obtainment and sorting of information.

Requirements of the Installation of the Critical Informational Infrastructure and Its Management

The segments of the network can be paralysed by a series of chance events or a well-organized, targeted attack. If we know our system and lead a safety-conscious life we can avoid unpleasant events, system down. The Critical Information Infrastructures has become a complex network. Consequently the items of the system, their mutual effects and links and the map of the network have to be known properly. We have to realize that everything is linked with each other and the physical and logistical networks have mutual effects on each other as well. It is obvious, that the problem of mapping the complexity is very important. One of the most important part of the cognition is the obtainment and sorting of information.

Editorial: Dilemmas of Modern Economy and Business

Various dilemmas concerning modern economy and business have been in the focus of scientific discussion in recent years (Klich, 2013; Renko & Knezevic, 2013; Szarucki, 2013; Agrawal & Gugnani, 2014; Pardhasaradhi & Grace, 2015). In modern economy, not only researches but corporations face complex economic and business dilemmas in their daily routine. The Joint Research Centre of the European Commission addresses key economic challenges by stimulating innovations, sustainability policies, social and environmental responsibilities. These challenges require the mobilization of significant resources by science, innovation and regional policy makers and scientific communities across Europe (EUA, 2014). Broader scientific discussions are crucial for the success of the Europe 2020 strategy for smart, sustainable and inclusive growth. According to the Global Risks Report 2015, the biggest threat to world stability in the next 10 years arise from the four most serious economic risks. These are high structural unemployment or underemployment, energy price shock, critical information infrastructure breakdown and fiscal crises. We continuously agree that innovation is critical to global prosperity (WEF, 2015). Currently, the internationalisation of family businesses is an increasingly important research area. Substantial numbers of FBs are forced to expand into foreign markets in order to survive and grow in the competitive environment (Daszkiewicz & Wach, 2014). The roles of business angels are especially important taken both decreasing the levels of formal venture capital investment and growing average amount of individual deals. Angel investors are the key players in generating high-growth companies, essential to regional economic development. As a result, they have attracted the attention of policy makers (Rostamzadeh et. al. , 2014). Consequently, this issue of EBER concentrates on the current dilemmas of modern economy and business, particularly dealing with the Baltic States, Slovenia and Poland. Five out of eight articles published in this issue are research papers, two are conceptual papers, while one is a literature review.

Requirements of the Installation of the Critical Informational Infrastructure and Its Management

Requirements of the Installation of the Critical Informational Infrastructure and Its Management

A Strategic Framework for a Secure Cyberspace in Developing Countries with Special Emphasis on the Risk of Cyber Warfare

The objective of this paper is to provide a strategic framework for a secure cyberspace in developing countries, taking cognisance of the realities and constraints within a developing milieu; and to discuss if the risk of cyber warfare and related techniques against developing countries should be addressed within ‘The Framework'. Cybersecurity policies and related strategies are required for developing countries in order to effectively safeguard against cyber related threats (the same as for developed countries). These policies and strategies for developing countries will differ from those of developed countries due to the unique realities within a developing world. Africa in specific is presently seen as a hotbed for cybercrime, and one of the reasons is that many African countries do not have a proper framework, policies and procedures to properly protect cyberspace. Experience has also shown that a pure adoption by developing countries of the cyber frameworks of developed nations will not always be effective, especially due to the unique requirements and realities within developing worlds, such as limited resources, infrastructure, technologies, skills and experience. It is also necessary when talking about a strategic framework to secure cyberspace, to discuss cyber warfare, its general application and its possible utilisation as part of the strategy to protect national critical information infrastructure. This, as part of a developing country's national security strategy in addition to traditional cybersecurity defence measures. The approach taken for the research program, and discussed in this paper, is based on a comprehensive literature study on several existing cybersecurity policies and strategies from both developed and developing countries. From this the drivers / elements for national cybersecurity policies and strategies were identified. These drivers were than adapted to specifically relate to the requirements of developing countries, and then, utilising the identified and adapted drivers, our strategic framework for developing countries to secure their cyberspace was developed. This document will be very useful for those African countries venturing into defining relevant policies and procedures.

Defending Critical Information Infrastructure from Cyberattacks through the Use of Security Controls in Layers

Critical information infrastructure has enabled organisations to store large amounts of information on their systems and deliver it via networks such as the internet, providing users with internet services. However, some organisations have not effectively secured their critical information infrastructure and hackers, disgruntled employees and other entities have taken advantage of this by launching cyberattacks on their critical information infrastructure. They do this by using cyberthreats to exploit vulnerabilities in critical information infrastructure which organisations fail to secure. As a result, cyberthreats are able to steal or damage confidential information stored on systems or take down websites, preventing access to information. Despite this, risk strategies can be used to implement a number of security controls: preventive, detective and corrective controls, which together form a system of controls. These security controls are used in layers to increase the level of security. This will ensure that the confidentiality, integrity and availability of information is preserved, thus reducing risks to information. This system of controls is based on the General Systems Theory which states that the elements of a system are interdependent and contribute to the operation of the whole system. Finally, a model is proposed to address insecure critical information infrastructure.

Integrity-OrBAC: a new model to preserve Critical Infrastructures integrity

Nations development depends heavily on the proper functioning of their Critical Infrastructures (CIs). Their security requirements are very important since small dysfunctions can deeply affect nation stability. We focus on their integrity need because Critical Information Infrastructures (CIIs) manipulate data that must be correct. The differentiation of their various elements security needs is essential to their protection. Unfortunately, existent access control models do not completely meet the CIIs requirements for many reasons. The Organization-Based Access Control (OrBAC) model, however, presents several strengths but it does neither consider the differentiation concept nor cope with integrity issues. In this paper, we work to enrich OrBAC with integrity mechanisms and means of differentiation. Integrity-OrBAC (I-OrBAC) is our extension and it is a proactive model. I-OrBAC is a multi-integrity level model that enables quantifying the integrity needs of each CII element, in term of credibility or criticality, to take optimal access control decisions. Given a triple (context, view and activity), we propose a way to determine the best subjects of the role selected to perform the activity through the calculation of integrity level thresholds. This idea is illustrated by a security policy example. We also propose a role priority concept and an algorithm that make security policies more flexible. The algorithm is described by an inference system. Regarding the implementation, we extend XACML to reflect the properties of our entities. Steps for access decision-making are detailed and scenarios used to test the implementation are presented.

An Agent-Based Socio-Technical Approach to Impact Assessment for Cyber Defense

ABSTRACTThis paper presents a novel simulation for estimating the impact of cyber attacks. Current approaches have adopted the probabilistic risk analysis in order to estimate the impact of attacks mostly on assets or business processes. More recent approaches involve vulnerability analysis on networks of systems and sensor input from third-party detection tools in order to identify attack paths. All these methods are focusing on one level at a time, defining impact in terms of confidentiality, integrity, and availability, failing to place people and technology together in an organization’s functional context. We propose an interdependency impact assessment approach, focusing on the responsibilities and the dependencies that flow through the supply chain, mapping them down into an agent-based socio-technical model. This method is useful for modeling consequences across all levels of organizations networks—business processes, business roles, and systems. We are aiming to make chaining analysis on threat scenarios and perform impact assessment, providing situational awareness for cyber defense purposes. Although the model has various applications, our case study is specifically focusing on critical information infrastructures due to the criticality of the systems and the fact that the area is still lacking security-focused research and heavily relies on reliability theory and failure rate.

Public-Private Partnerships: A Softt Approach to Cybersecurity? Views from the European Union

This chapter addresses public-private partnerships (PPPs) in cybersecurity. PPPs allow the government and key Information and Communications Technology operators to pool their resources and know-how to tackle several aspects of cybersecurity, such as critical information infrastructure protection and the fight against cybercrime. The nature and functioning of these partnerships raise a number of questions. What are PPPs in practice and what is their rationale? Are they keeping up with their promise of increased security? Do PPPs have any adverse impact on society? This chapter offers answers to these three questions from a European Union (EU) perspective. Accordingly, I define the rationale for PPPs, and then, building on the taxonomy developed by the European Network and Information Security Agency (ENISA), I investigate examples of existing regional and international/transnational partnerships. As for the question as to whether PPPs are keeping up with their promise of better addressing cyber-challenges, I argue that it is necessary to analyse the complex landscape of the PPPs as a whole, taking into account the risk of ‘societal collateral damage’ and the partnerships’ contrasting objectives.

Jamming-Aware Traffic Allocation for Multiple-Path Routing Using Portfolio Selection against DDOS

Multiple-path routing protocols allow data source node to distribute the total traffic among available paths. We consider the problem of jamming-aware source routing in which the source node performs traffic allocation based on empirical jamming statistics at individual network nodes. We formulate this traffic allocation as a lossy network flow optimization problem using portfolio selection theory. This centralized optimization problem can be solved using a distributed algorithm based on decomposition in NUM. Along with this Network based attacks have become a serious threat to the critical information infrastructure. There are many security attacks in MANET e.g. DDOS. The effect of DDOS leads to routing load, packet drop rate, end to end delay in network. So considering these parameters we build secure IDS to detect such attack and block it. Identifying the source of the attackers is necessary to correlate the incoming and outgoing flows or connections. To resist attempts at correlation, the attacker may encrypt or otherwise manipulate the connection traffic. Timing based correlation approaches are subject to timing perturbations that may be deliberately introduced by the attacker at stepping stones. So watermark-based correlation scheme is proposed which is designed specifically to be robust against timing perturbations. Unlike most previous timing based correlation approaches, our watermark-.based approach is active in that it embeds a unique watermark into the encrypted flows by slightly adjusting the timing of selected packets.

Cyberspace and Critical Information Infrastructures

Every economy of an advanced nation relies on information systems and interconnected networks, thus in order to ensure the prosperity of a nation, making cyberspace a secure place becomes as crucial as securing society. Cyber security means ensuring the safety of this cyberspace from threats which can take different forms, such as stealing secret information from national companies and government institutions, attacking infrastructure vital for the functioning of the nation or attacking the privacy of the single citizen. The critical information infrastructure (CII) represents the indispensable nervous system, that allow modern societies to work and live. Besides, without it, there would be no distribution of energy, no services like banking or finance, no air traffic control and so on. But at the same time, in the development process of CII, security was never considered a top priority and for this reason they are subject to a high risk in relation to the organized crime,Keywords: Information Systems, Cyberspace, Critical Information Infrastructure, Cyber Security, Risk Management, Strategy(ProQuest: ... denotes formulae omitted.)1 IntroductionIn developed countries, information infrastructures are at the same time a fundamental bedrock that makes contemporary societies work as well as a source of vulnerability. The diffusion of telecommunications, the Internet and the penetration of computers and local computer networks in so many facets of life today have changed all that. For this reason, information systems are considered a critical asset, not only for traditional intelligence purposes but also for security issues. Thus, is becoming very important an appraisal of some critical aspects of some critical elements of cyber warfare deals with the risks for Critical Information Structures (CII). While representing an essential groundwork that allow modern societies to work and live, they have been developed without considering security as a top priority. Intelligence gathering has always been a critical and inescapable aspect in international politics and new technologies offer unprecedented tools to monitor governments, economies, defense and security planning that can become targets to external threats.The U.S. National Institute of Standards and Technology (NIST) defines critical infrastructures as those system and assets, whether or virtual, so vital to the U.S. that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters[1]. Likewise, the European Commission describes critical infrastructures as physical and information technology facilities, networks, services and assets that, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of citizens or the effective functioning of governments in EU States[3].While there are some differences between the United States and the EU and other advanced countries such as Japan, Australia, Canada, South Korea and others as to what precisely constitutes CII, these differences tend to be more terminological than substantial (see Table 1 for examples).IT and communication systems (ITC* insufficient awareness and user education systems and attitudes or practices that do not comply with the procedures manual;* availability of information on the penetration of computer systems without authorization;* unclear legal regulations and jurisdictional difficulties;* intensification of the globalization phenomenon. …

Uma análise sobre a política de informação para a defesa militar do Brasil: algumas implicações éticas

Some ethical implications: It is presented the development of the information policy for the military defense of Brazil, taking into consideration information actions, which were implemented during the Brazilian history, and in the context of the regions where the country carries out geostrategic influence. The hypothesis is that there is a dilemma of the Brazilian state between cooperative international relations, based on a multilateral perspective, and the threats to its critical information infrastructure. Besides, technically there is a fragility of the cybernetics infrastructure because of the lack of an appropriate information policy, which could contribute to the position of Brazil in the international system of power, in accordance with its potentialities. Questions that imply ethics dilemmas about the threshold between the cooperative interchange, on the one hand, and the preservation of sovereignty, on the other, related with what should, or should not, be shared in the cyberspace.

PREVENTING CYBER ATTACKS ON CRIRICAL INFRASTRUCTURE: A NEW PRIORITY FOR THE RUSSIAN PUBLIC DIPLOMACY?

The article analyses the problem of cyber attacks on critical infrastructure, including facilities of the nuclear industry. At present there is almost no international legal regulation of the possible usage of information technologies in order to information systems used by object of the critically important infrastructure. Still, there has been an unprecedented growth in the information threats in recent years. As it was revealed in 2010, several Middle East States, first of all Iran in 2008, were the target for a series of systematic and sophisticated computer attacks, whose initiators remain unknown, which were aimed at the collection of information about the objects of critical information infrastructure of these states and its program intrusion. The author supports the thesis of the need for early development of international legal instruments to prevent and prohibit such cyber attacks. At the same time the leadership in the formulation and solution of this problem on the international scene can assume the Russian Federation, whose initiatives have since 1998 shaped the global agenda in terms of regulating the behavior of states in cyberspace. Despite the significant differences of different countries in this area, their positions on ensuring protection against cyber attacks peaceful nuclear infrastructure are the closest to a consensus, creating a window of opportunity for practical progress on this issue in 2013-2014.

Problems of ensuring information security of ukraine critical information infrastructure systems

Стаття описує основні завдання державної політики в галузі забезпечення безпеки ключових систем інформаційної структури критично важливих об’єктів.