International Journal of Critical Infrastructure Protection最新文献_第2页

Bridging technical and social dimensions in critical infrastructure accessibility assessment: A case study from Chile 关键基础设施可达性评估中的技术和社会层面的桥梁：来自智利的案例研究

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-11-06 DOI: 10.1016/j.ijcip.2025.100811

Marta Contreras , Alondra Chamorro , Trinidad Gómez , Tomás Echaveguren , María Molinos-Senante

Assessing accessibility to critical infrastructure (CI), e.g., drinking water supply and transportation network, during extreme natural events is fundamental for improving the resilience of urban and rural systems. This study introduces a novel methodology to evaluate the criticality of road network links for accessing CI, integrating both technical assessments and societal preferences. A Critical Accessibility Index (CAI) was developed and applied to a case study in the Metropolitan Region of Chile, using a goal programming framework to quantify the relative importance of seven CI types as perceived by 750 survey respondents. Drinking water supply was assigned the highest weight (59.7 %), followed by healthcare (15.9 %) and electricity (8.5 %), reflecting priorities during an earthquake scenario. The CAI was estimated under two scenarios: one assuming equal CI importance and another incorporating community preferences. Results showed that in scenario (a), 69.3 % of links had very low criticality, while in scenario (b), this decreased to 47.5 %, with a notable increase in medium and high criticality links. Spatial analysis underscored the heightened criticality of drinking water access, especially in rural areas with low redundancy. Policy implications emphasize the need for dual-focused investment planning that balances technical criticality with social priorities. This approach supports inclusive and robust disaster risk management, offering a replicable framework for diverse regional applications.

在极端自然事件期间，评估关键基础设施（如饮用水供应和运输网络）的可及性对于提高城乡系统的复原力至关重要。本研究引入了一种新的方法来评估道路网络连接对访问CI的重要性，整合了技术评估和社会偏好。开发了关键可达性指数（CAI），并将其应用于智利大都市区的案例研究，使用目标规划框架量化750名调查受访者认为的七种CI类型的相对重要性。饮用水供应的权重最高（59.7%），其次是医疗保健（15.9%）和电力（8.5%），反映了地震情景下的优先事项。CAI是在两种情况下估计的：一种假设CI同等重要，另一种考虑社区偏好。结果表明，在场景(a)中，69.3%的链接具有非常低的临界性，而在场景(b)中，这一比例降至47.5%，中临界和高临界链接显著增加。空间分析强调了饮用水获取的重要性，特别是在冗余度低的农村地区。政策影响强调需要有双重重点的投资规划，平衡技术关键性和社会优先事项。这种方法支持包容性和强大的灾害风险管理，为不同的区域应用提供了可复制的框架。

{"title":"Bridging technical and social dimensions in critical infrastructure accessibility assessment: A case study from Chile","authors":"Marta Contreras , Alondra Chamorro , Trinidad Gómez , Tomás Echaveguren , María Molinos-Senante","doi":"10.1016/j.ijcip.2025.100811","DOIUrl":"10.1016/j.ijcip.2025.100811","url":null,"abstract":"<div><div>Assessing accessibility to critical infrastructure (CI), e.g., drinking water supply and transportation network, during extreme natural events is fundamental for improving the resilience of urban and rural systems. This study introduces a novel methodology to evaluate the criticality of road network links for accessing CI, integrating both technical assessments and societal preferences. A Critical Accessibility Index (CAI) was developed and applied to a case study in the Metropolitan Region of Chile, using a goal programming framework to quantify the relative importance of seven CI types as perceived by 750 survey respondents. Drinking water supply was assigned the highest weight (59.7 %), followed by healthcare (15.9 %) and electricity (8.5 %), reflecting priorities during an earthquake scenario. The CAI was estimated under two scenarios: one assuming equal CI importance and another incorporating community preferences. Results showed that in scenario (a), 69.3 % of links had very low criticality, while in scenario (b), this decreased to 47.5 %, with a notable increase in medium and high criticality links. Spatial analysis underscored the heightened criticality of drinking water access, especially in rural areas with low redundancy. Policy implications emphasize the need for dual-focused investment planning that balances technical criticality with social priorities. This approach supports inclusive and robust disaster risk management, offering a replicable framework for diverse regional applications.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100811"},"PeriodicalIF":5.3,"publicationDate":"2025-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145528333","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

From antagonisms to synergies: A systematic review of safety-security interrelations 从对抗到协同：安全相互关系的系统回顾

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-10-30 DOI: 10.1016/j.ijcip.2025.100808

Verena Zimmermann , Linda Fanconi , Hannah Sievers , Yanis Isenring , Lisa Zankel , Marita Unden

As today’s critical infrastructures become increasingly digitalized and interconnected, the previously separated concepts of safety and security become increasingly intertwined. Researchers across domains thus call for joint consideration, e.g., in risk models and related standards. While this research field is emerging, the interrelations between safety and security are not yet well understood. However, a better understanding is highly relevant for anticipating, preventing, and handling incidents resulting from them. To shine light on these interrelations and their implications, we conducted a systematic literature review with a final data set of 213 publications. We not only systematized and quantified uncovered types of safety-security interrelations but also explored how different interrelations and related models impact on what is analyzed. From the systematization, we outline current trends and research gaps. Among others, we find a growing interest in safety-security interrelations as attested by sharp rise of publications and a growing diversification of models for co-analysis and co-engineering in the last years. The influence of security on safety is studied much more frequently as compared to an influence of safety aspects on security. Furthermore, we reveal an emphasis on studying the ”negative” types of interrelations, i.e., impairment and antagonism whereas potential synergies are scarcely analyzed. The findings can inform the more holistic development of truly combined as compared to previous sequential models for co-analysis and the design of processes and standards to support safety- and security-related stakeholders to anticipate and jointly cope with safety-security interrelations.

随着当今关键基础设施日益数字化和互联化，以前分离的安全和安保概念日益交织在一起。因此，跨领域的研究人员呼吁共同考虑，例如在风险模型和相关标准中。虽然这一研究领域正在兴起，但安全与保障之间的相互关系尚未得到很好的理解。然而，更好的理解与预测、预防和处理由此引起的事件高度相关。为了阐明这些相互关系及其含义，我们对213份出版物的最终数据集进行了系统的文献综述。我们不仅系统化和量化了未发现的安全相互关系类型，而且还探讨了不同的相互关系和相关模型如何影响所分析的内容。从系统的角度，我们概述了当前的趋势和研究差距。在其他方面，我们发现对安全-安全相互关系的兴趣日益增长，这一点在过去几年中得到了出版物急剧增加和共同分析和共同工程模型日益多样化的证明。与安全方面对安全的影响相比，安全对安全的影响的研究要频繁得多。此外，我们强调研究“消极”类型的相互关系，即损害和对抗，而潜在的协同效应很少分析。与之前的协同分析顺序模型相比，研究结果可以为真正的综合发展提供更全面的信息，并设计过程和标准，以支持安全和安保相关利益相关者预测和共同应对安全-安保相互关系。

{"title":"From antagonisms to synergies: A systematic review of safety-security interrelations","authors":"Verena Zimmermann , Linda Fanconi , Hannah Sievers , Yanis Isenring , Lisa Zankel , Marita Unden","doi":"10.1016/j.ijcip.2025.100808","DOIUrl":"10.1016/j.ijcip.2025.100808","url":null,"abstract":"<div><div>As today’s critical infrastructures become increasingly digitalized and interconnected, the previously separated concepts of safety and security become increasingly intertwined. Researchers across domains thus call for joint consideration, e.g., in risk models and related standards. While this research field is emerging, the interrelations between safety and security are not yet well understood. However, a better understanding is highly relevant for anticipating, preventing, and handling incidents resulting from them. To shine light on these interrelations and their implications, we conducted a systematic literature review with a final data set of 213 publications. We not only systematized and quantified uncovered types of safety-security interrelations but also explored how different interrelations and related models impact on what is analyzed. From the systematization, we outline current trends and research gaps. Among others, we find a growing interest in safety-security interrelations as attested by sharp rise of publications and a growing diversification of models for co-analysis and co-engineering in the last years. The influence of security on safety is studied much more frequently as compared to an influence of safety aspects on security. Furthermore, we reveal an emphasis on studying the ”negative” types of interrelations, i.e., impairment and antagonism whereas potential synergies are scarcely analyzed. The findings can inform the more holistic development of truly combined as compared to previous sequential models for co-analysis and the design of processes and standards to support safety- and security-related stakeholders to anticipate and jointly cope with safety-security interrelations.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100808"},"PeriodicalIF":5.3,"publicationDate":"2025-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145465191","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Identifying cyber attack vulnerabilities in the main lubricating oil system of marine propulsion units 舰船推进装置主润滑油系统网络攻击漏洞识别

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-10-16 DOI: 10.1016/j.ijcip.2025.100810

Yigit Gülmez , Olgun Konur , Muhammed Erbas , Sanja Bauk

This study investigates the cyber vulnerabilities of the main engine lubricating oil system in marine vessels through a detailed simulation model. It focuses on the impact of cyber-attacks targeting temperature control equipment and sensors, using a MATLAB Simulink model to simulate various attack scenarios and assess their effects on system behavior. The research identifies critical components prone to cyber threats and quantifies their risk levels using a novel integration of Monte Carlo simulations, safety margins methodologies and a full mission engine room simulator. The results highlight the impact of each specific cyber-attack on the temperature of the lubricating oil in a marine vessel's main engine, showing how substantially each type of cyber-attack can increase temperatures and potentially lead to catastrophic engine failures. Based on these insights, the study proposes applicable strategies to enhance the cyber resilience of marine vessel systems, highlighting the need for advanced detection mechanisms and comprehensive cyber defense measures. This study not only explores specific vulnerabilities but also provides further research on maritime cybersecurity.

本文通过详细的仿真模型研究了船舶主机润滑油系统的网络漏洞。它侧重于针对温度控制设备和传感器的网络攻击的影响，使用MATLAB Simulink模型模拟各种攻击场景并评估其对系统行为的影响。该研究确定了容易受到网络威胁的关键部件，并使用蒙特卡洛模拟、安全边际方法和全任务机舱模拟器的新集成来量化其风险水平。研究结果强调了每种特定的网络攻击对船舶主机润滑油温度的影响，表明每种类型的网络攻击都可能导致温度升高，并可能导致灾难性的发动机故障。基于这些见解，该研究提出了增强船舶系统网络弹性的适用策略，强调了对先进检测机制和综合网络防御措施的需求。本研究不仅探索了具体的漏洞，也为海事网络安全提供了进一步的研究。

{"title":"Identifying cyber attack vulnerabilities in the main lubricating oil system of marine propulsion units","authors":"Yigit Gülmez , Olgun Konur , Muhammed Erbas , Sanja Bauk","doi":"10.1016/j.ijcip.2025.100810","DOIUrl":"10.1016/j.ijcip.2025.100810","url":null,"abstract":"<div><div>This study investigates the cyber vulnerabilities of the main engine lubricating oil system in marine vessels through a detailed simulation model. It focuses on the impact of cyber-attacks targeting temperature control equipment and sensors, using a MATLAB Simulink model to simulate various attack scenarios and assess their effects on system behavior. The research identifies critical components prone to cyber threats and quantifies their risk levels using a novel integration of Monte Carlo simulations, safety margins methodologies and a full mission engine room simulator. The results highlight the impact of each specific cyber-attack on the temperature of the lubricating oil in a marine vessel's main engine, showing how substantially each type of cyber-attack can increase temperatures and potentially lead to catastrophic engine failures. Based on these insights, the study proposes applicable strategies to enhance the cyber resilience of marine vessel systems, highlighting the need for advanced detection mechanisms and comprehensive cyber defense measures. This study not only explores specific vulnerabilities but also provides further research on maritime cybersecurity.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100810"},"PeriodicalIF":5.3,"publicationDate":"2025-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145362600","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Quantification of seismic resilience of water distribution networks considering interdependency using Dempster-Shafer theory 基于Dempster-Shafer理论的考虑相互依赖的配水管网地震恢复力量化

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-10-15 DOI: 10.1016/j.ijcip.2025.100809

Z. Zarebidaki, B. Omidvar

Providing potable water, one of the most vital human needs has always been a major challenge in natural disaster management. This study focuses on the challenge of ensuring the resilience of urban water infrastructure in the face of disasters. The main goal is to present the resilience indices of the water infrastructure in a metropolitan area after an earthquake, considering its dependence on electricity, transportation, and telecommunication infrastructures using the Dempster-Shafer theory of evidence.

The results show that the water infrastructure will be more resilient in the moderate earthquake scenario than the strong one. The resilience enhancement of transportation and telecommunication items has the most positive effect on the water system resilience, increasing by >48 percent for the strong earthquake scenario. The increase in water infrastructure resilience would be up to 24 percent by raising the resilience belief values of each technical, non-technical, and telecommunication component for the moderate earthquake scenario. The results reveal notable insights into the vulnerability of interdependent infrastructures under earthquake scenarios, having important implications for the risk analysis and resilience management of various infrastructures.

作为人类最重要的需求之一，提供饮用水一直是自然灾害管理的一项重大挑战。本研究的重点是确保城市水利基础设施在面对灾害时的复原力。本文的主要目标是利用Dempster-Shafer证据理论，考虑到大都市地区对电力、交通和电信基础设施的依赖，提出大都市地区地震后供水基础设施的恢复指数。结果表明，在中等地震情景下，水利基础设施比强地震情景更具弹性。交通和电信项目的恢复能力增强对水系统的恢复能力有最积极的影响，在强地震情景下增加了48%。通过提高中等地震情景下每个技术、非技术和电信组成部分的恢复力信念值，水基础设施的恢复力将增加24%。研究结果揭示了地震情景下相互依赖的基础设施的脆弱性，对各种基础设施的风险分析和弹性管理具有重要意义。

{"title":"Quantification of seismic resilience of water distribution networks considering interdependency using Dempster-Shafer theory","authors":"Z. Zarebidaki, B. Omidvar","doi":"10.1016/j.ijcip.2025.100809","DOIUrl":"10.1016/j.ijcip.2025.100809","url":null,"abstract":"<div><div>Providing potable water, one of the most vital human needs has always been a major challenge in natural disaster management. This study focuses on the challenge of ensuring the resilience of urban water infrastructure in the face of disasters. The main goal is to present the resilience indices of the water infrastructure in a metropolitan area after an earthquake, considering its dependence on electricity, transportation, and telecommunication infrastructures using the Dempster-Shafer theory of evidence.</div><div>The results show that the water infrastructure will be more resilient in the moderate earthquake scenario than the strong one. The resilience enhancement of transportation and telecommunication items has the most positive effect on the water system resilience, increasing by >48 percent for the strong earthquake scenario. The increase in water infrastructure resilience would be up to 24 percent by raising the resilience belief values of each technical, non-technical, and telecommunication component for the moderate earthquake scenario. The results reveal notable insights into the vulnerability of interdependent infrastructures under earthquake scenarios, having important implications for the risk analysis and resilience management of various infrastructures.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100809"},"PeriodicalIF":5.3,"publicationDate":"2025-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145362599","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Securing cyber-physical systems: Attack detection and isolation in power grid AGC 保护网络物理系统：电网AGC中的攻击检测和隔离

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-10-15 DOI: 10.1016/j.ijcip.2025.100806

Muhammad Asim Abbasi , Aadil Sarwar Khan , Shiping Huang , Mansoor Zahoor Qadri , Li Guo

Modern power systems integrate cutting-edge communication and computational technologies with the physical infrastructure, making them a good example of a cyber–physical system (CPS). Like any other CPS, the power system is prone to cyber attacks, particularly in automatic generation control (AGC). AGC in the power system relies on the communication network and is therefore vulnerable to attacks. This paper studies the detection and isolation of multiple simultaneous attacks against multi-area AGC in the presence of renewable energy resources (RERs) and electric vehicles (EVs). The impact of EVs and RERs is modeled as unknown inputs/disturbances. A directional unknown input observer (DUIO) based approach is proposed to assure simultaneous disturbance decoupling and attack isolation with lesser computational burden than the existing schemes. The effectiveness of the proposed method is validated through comprehensive case studies and simulations on a two-area interconnected AGC power system, representing a typical multi-region power grid with renewable energy and electric vehicle integration.

现代电力系统将尖端的通信和计算技术与物理基础设施相结合，使其成为网络物理系统（CPS）的一个很好的例子。与任何其他CPS一样，电力系统容易受到网络攻击，特别是在自动发电控制（AGC）中。电力系统中的AGC依赖于通信网络，因此容易受到攻击。本文研究了在可再生能源和电动汽车存在的情况下，针对多区域AGC的多重同时攻击的检测与隔离。ev和RERs的影响被建模为未知输入/干扰。提出了一种基于方向性未知输入观测器（directional unknown input observer， DUIO）的方法，在保证干扰解耦和攻击隔离的同时，减少了现有方法的计算量。通过典型的可再生能源与电动汽车融合多区域电网的两区互联AGC电力系统的综合案例研究和仿真，验证了所提方法的有效性。

{"title":"Securing cyber-physical systems: Attack detection and isolation in power grid AGC","authors":"Muhammad Asim Abbasi , Aadil Sarwar Khan , Shiping Huang , Mansoor Zahoor Qadri , Li Guo","doi":"10.1016/j.ijcip.2025.100806","DOIUrl":"10.1016/j.ijcip.2025.100806","url":null,"abstract":"<div><div>Modern power systems integrate cutting-edge communication and computational technologies with the physical infrastructure, making them a good example of a cyber–physical system (CPS). Like any other CPS, the power system is prone to cyber attacks, particularly in automatic generation control (AGC). AGC in the power system relies on the communication network and is therefore vulnerable to attacks. This paper studies the detection and isolation of multiple simultaneous attacks against multi-area AGC in the presence of renewable energy resources (RERs) and electric vehicles (EVs). The impact of EVs and RERs is modeled as unknown inputs/disturbances. A directional unknown input observer (DUIO) based approach is proposed to assure simultaneous disturbance decoupling and attack isolation with lesser computational burden than the existing schemes. The effectiveness of the proposed method is validated through comprehensive case studies and simulations on a two-area interconnected AGC power system, representing a typical multi-region power grid with renewable energy and electric vehicle integration.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100806"},"PeriodicalIF":5.3,"publicationDate":"2025-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145319496","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Securing the future: Integrating quantum computing and digital twin technologies into modern power & transportation systems for resilient smart cities against false data injection cyberattacks 保护未来：将量子计算和数字孪生技术集成到现代电力和交通系统中，以实现弹性智能城市抵御虚假数据注入网络攻击

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-10-12 DOI: 10.1016/j.ijcip.2025.100807

Ehsan Naderi

The rapid evolution of smart cities relies on the integration of advanced technologies to enhance urban infrastructure, ensure system resilience, and address growing cybersecurity challenges. Toward that end, this paper scrutinizes the convergence of quantum computing (QC) and digital twin (DT) technologies as a novel solution to mitigate false data injection (FDI) cyberattacks, an escalating threat to the integrity of data-driven power and transportation systems. By combining the computational advantages of quantum algorithms with the real-time monitoring and simulation capabilities of DTs, this paper proposes an integrated framework along with a novel optimization algorithm for early detection, prevention, and mitigation of FDI attacks. The effectiveness of the proposed approach is demonstrated through a modified IEEE 39-bus power system coupled with an urban transportation network, highlighting improved system security, operational efficiency, and sustainability. This work contributes a forward-looking pathway for securing interconnected smart city infrastructures against evolving cyber threats.

智慧城市的快速发展依赖于先进技术的整合，以增强城市基础设施，确保系统弹性，并应对日益增长的网络安全挑战。为此，本文仔细研究了量子计算（QC）和数字孪生（DT）技术的融合，作为减轻虚假数据注入（FDI）网络攻击的新解决方案，虚假数据注入（FDI）网络攻击是对数据驱动的电力和运输系统完整性的不断升级的威胁。通过将量子算法的计算优势与dt的实时监控和模拟能力相结合，本文提出了一个集成框架以及一种新的优化算法，用于早期检测、预防和减轻FDI攻击。通过改进的IEEE 39总线电力系统与城市交通网络相结合，证明了所提出方法的有效性，突出了系统安全性、运行效率和可持续性的提高。这项工作为保护互联的智慧城市基础设施免受不断变化的网络威胁提供了前瞻性途径。

{"title":"Securing the future: Integrating quantum computing and digital twin technologies into modern power & transportation systems for resilient smart cities against false data injection cyberattacks","authors":"Ehsan Naderi","doi":"10.1016/j.ijcip.2025.100807","DOIUrl":"10.1016/j.ijcip.2025.100807","url":null,"abstract":"<div><div>The rapid evolution of smart cities relies on the integration of advanced technologies to enhance urban infrastructure, ensure system resilience, and address growing cybersecurity challenges. Toward that end, this paper scrutinizes the convergence of quantum computing (QC) and digital twin (DT) technologies as a novel solution to mitigate false data injection (FDI) cyberattacks, an escalating threat to the integrity of data-driven power and transportation systems. By combining the computational advantages of quantum algorithms with the real-time monitoring and simulation capabilities of DTs, this paper proposes an integrated framework along with a novel optimization algorithm for early detection, prevention, and mitigation of FDI attacks. The effectiveness of the proposed approach is demonstrated through a modified IEEE 39-bus power system coupled with an urban transportation network, highlighting improved system security, operational efficiency, and sustainability. This work contributes a forward-looking pathway for securing interconnected smart city infrastructures against evolving cyber threats.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100807"},"PeriodicalIF":5.3,"publicationDate":"2025-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145319495","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Developing security metrics for space systems: A study considering the NIST Cybersecurity Framework 2.0 and the NIS2 开发空间系统的安全指标：考虑NIST网络安全框架2.0和NIS2的研究

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-10-03 DOI: 10.1016/j.ijcip.2025.100805

Francesco Casaril, Letterio Galletta

Space-based assets are essential for critical societal functions across sectors like energy, transportation, communication, agriculture, and government. As these services become more integrated into daily life and reliance on cyber–physical systems grows, the interconnectivity and commercialization of space assets increases the attack surface and cybersecurity risks. Recent incidents affecting space infrastructure underscore the urgent need for robust cybersecurity measures. Legislators in the EU and other countries are addressing cyber risks to space and ground assets by developing minimum protection requirements. To support these measures, this paper evaluates whether existing security metrics in the literature cover all NIST functions, categories, and subcategories in the Cybersecurity Framework 2.0 (CSF 2.0). This framework provides a strong foundation for industry sectors and can serve as a baseline to ensure compliance with directives like NIS2. Our analysis reveals imbalances in academic discourse, with certain CSF 2.0 functions underrepresented. Then, we propose new metrics to address unaddressed NIST categories and adapt existing metrics to better suit the space domain. Considering practical challenges in implementing and monitoring these metrics, we propose a tool to facilitate their calculation and visualize security status. We also present a case study resembling real-world space infrastructure that demonstrates our tool’s applicability and the value of the designed metrics. Our research has managerial implications, supporting managers, CIOs, and CISOs in making informed decisions, helping companies understand their security levels, and complying with existing and forthcoming space sector regulations. We advocate for using security metrics to assess compliance with regulations like NIS2, CER, or upcoming space laws, demonstrating to policymakers that metrics can be integrated into policies to enhance their effectiveness.

天基资产对于能源、交通、通信、农业和政府等部门的关键社会功能至关重要。随着这些服务越来越多地融入日常生活，对网络物理系统的依赖越来越大，空间资产的互联性和商业化增加了攻击面和网络安全风险。最近影响空间基础设施的事件凸显了对强有力的网络安全措施的迫切需要。欧盟和其他国家的立法者正在通过制定最低保护要求来解决空间和地面资产面临的网络风险。为了支持这些措施，本文评估了文献中现有的安全指标是否涵盖了网络安全框架2.0 （CSF 2.0）中的所有NIST功能、类别和子类别。这个框架为行业部门提供了一个坚实的基础，可以作为基线，以确保遵守像NIS2这样的指令。我们的分析揭示了学术话语的不平衡，某些CSF 2.0功能被低估了。然后，我们提出了新的指标来解决未解决的NIST类别，并调整现有指标以更好地适应空间领域。考虑到实现和监控这些指标的实际挑战，我们提出了一个工具来促进它们的计算和可视化安全状态。我们还提供了一个类似于现实世界空间基础设施的案例研究，展示了我们的工具的适用性和设计指标的价值。我们的研究具有管理意义，支持经理、首席信息官和首席信息官做出明智的决策，帮助公司了解他们的安全级别，并遵守现有和即将出台的航天部门法规。我们提倡使用安全指标来评估对NIS2、CER或即将出台的空间法律等法规的遵从性，向政策制定者展示可以将指标集成到政策中以提高其有效性。

{"title":"Developing security metrics for space systems: A study considering the NIST Cybersecurity Framework 2.0 and the NIS2","authors":"Francesco Casaril, Letterio Galletta","doi":"10.1016/j.ijcip.2025.100805","DOIUrl":"10.1016/j.ijcip.2025.100805","url":null,"abstract":"<div><div>Space-based assets are essential for critical societal functions across sectors like energy, transportation, communication, agriculture, and government. As these services become more integrated into daily life and reliance on cyber–physical systems grows, the interconnectivity and commercialization of space assets increases the attack surface and cybersecurity risks. Recent incidents affecting space infrastructure underscore the urgent need for robust cybersecurity measures. Legislators in the EU and other countries are addressing cyber risks to space and ground assets by developing minimum protection requirements. To support these measures, this paper evaluates whether existing security metrics in the literature cover all NIST functions, categories, and subcategories in the Cybersecurity Framework 2.0 (CSF 2.0). This framework provides a strong foundation for industry sectors and can serve as a baseline to ensure compliance with directives like NIS2. Our analysis reveals imbalances in academic discourse, with certain CSF 2.0 functions underrepresented. Then, we propose new metrics to address unaddressed NIST categories and adapt existing metrics to better suit the space domain. Considering practical challenges in implementing and monitoring these metrics, we propose a tool to facilitate their calculation and visualize security status. We also present a case study resembling real-world space infrastructure that demonstrates our tool’s applicability and the value of the designed metrics. Our research has managerial implications, supporting managers, CIOs, and CISOs in making informed decisions, helping companies understand their security levels, and complying with existing and forthcoming space sector regulations. We advocate for using security metrics to assess compliance with regulations like NIS2, CER, or upcoming space laws, demonstrating to policymakers that metrics can be integrated into policies to enhance their effectiveness.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100805"},"PeriodicalIF":5.3,"publicationDate":"2025-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145266573","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A novel data–intelligence–driven three–stage dynamic model for resilience assessment in an emergency material support system 一种新的数据智能驱动的应急物资保障系统弹性评估三阶段动态模型

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-09-13 DOI: 10.1016/j.ijcip.2025.100804

Weilan Suo , Wenjie Xu , Longfei Li , Xiaolei Sun

Resilience is a crucial benchmark in characterizing the comprehensive capability of the emergency material support system (EMSS) to respond to major risk events. Given the involvement of multiple stakeholders, multiple stages and dynamic evolution, EMSS resilience assessment remains a challenge. Therefore, we attempt to develop a novel data–intelligence–driven three–stage dynamic model based on multi–source text data and multi–expert knowledge. In Stage 1, a large language models–enhanced named entity recognition model is proposed to extract and analyze EMSS risk events, providing a foundational dataset for scenario construction. In Stage 2, an ontology–based scenario construction model is proposed to abstract risk events into ontological concepts, providing a feature reference for the hierarchical system of assessment criteria. In Stage 3, a feature–matching assessment model is proposed to quantify the profile of EMSS resilience, where the uncertainty and variability in experts’ perceptions of resilience feature are addressed. Subsequently, the model effectiveness is demonstrated in a case study, in which the key criteria and improvement paths for EMSS resilience are identified. This study provides a holistic solution and efficient methodology for EMSS resilience assessment, offering significant insights into a multifaceted recognition of EMSS resilience to risk scenarios.

应变能力是衡量应急物资保障系统（EMSS）应对重大风险事件综合能力的重要指标。由于涉及多个利益相关者、多个阶段和动态演变，EMSS弹性评估仍然是一个挑战。因此，我们尝试开发一种基于多源文本数据和多专家知识的数据智能驱动的三阶段动态模型。第一阶段，提出了一种大型语言模型增强的命名实体识别模型，用于提取和分析EMSS风险事件，为场景构建提供基础数据集。第二阶段，提出基于本体的场景构建模型，将风险事件抽象为本体概念，为分级评价标准体系提供特征参考。在第三阶段，提出了一个特征匹配评估模型来量化EMSS弹性概况，其中解决了专家对弹性特征感知的不确定性和可变性。随后，通过案例研究证明了模型的有效性，并确定了EMSS弹性的关键标准和改进路径。本研究为EMSS弹性评估提供了一个整体的解决方案和有效的方法，为EMSS对风险情景的弹性的多方面认识提供了重要的见解。

{"title":"A novel data–intelligence–driven three–stage dynamic model for resilience assessment in an emergency material support system","authors":"Weilan Suo , Wenjie Xu , Longfei Li , Xiaolei Sun","doi":"10.1016/j.ijcip.2025.100804","DOIUrl":"10.1016/j.ijcip.2025.100804","url":null,"abstract":"<div><div>Resilience is a crucial benchmark in characterizing the comprehensive capability of the emergency material support system (EMSS) to respond to major risk events. Given the involvement of multiple stakeholders, multiple stages and dynamic evolution, EMSS resilience assessment remains a challenge. Therefore, we attempt to develop a novel data–intelligence–driven three–stage dynamic model based on multi–source text data and multi–expert knowledge. In Stage 1, a large language models–enhanced named entity recognition model is proposed to extract and analyze EMSS risk events, providing a foundational dataset for scenario construction. In Stage 2, an ontology–based scenario construction model is proposed to abstract risk events into ontological concepts, providing a feature reference for the hierarchical system of assessment criteria. In Stage 3, a feature–matching assessment model is proposed to quantify the profile of EMSS resilience, where the uncertainty and variability in experts’ perceptions of resilience feature are addressed. Subsequently, the model effectiveness is demonstrated in a case study, in which the key criteria and improvement paths for EMSS resilience are identified. This study provides a holistic solution and efficient methodology for EMSS resilience assessment, offering significant insights into a multifaceted recognition of EMSS resilience to risk scenarios.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100804"},"PeriodicalIF":5.3,"publicationDate":"2025-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145105571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Protection of critical infrastructures in times of peace and war 在和平与战争时期保护关键基础设施

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-09-01 DOI: 10.1016/S1874-5482(25)00060-5

Roberto Setola

引用次数: 0

Dynamic optimization of multi-layered defenses inspired by Chakravyuh 受Chakravyuh启发的多层防御的动态优化

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-08-30 DOI: 10.1016/j.ijcip.2025.100794

Kishore Dutta

As adversaries grow more sophisticated, critical infrastructure demands defense systems that not only react but also learn and adapt dynamically. This work introduces a novel reinforcement learning framework inspired by the ancient Indian Chakravyuh formation, integrating Q-learning, Markov decision processes, and network optimization to model multi-layered security under uncertainty. The system enables attackers to attempt sequential node breaches while defenders deploy adaptive traps and allocate resources through quantifiable metrics including ROI-driven investment and critical node vulnerability analysis. Results demonstrate both vulnerabilities and strengths: universal Layer 0 breaches occur (Mean Time to Breach = 52 episodes) due to uneven resource allocation quantified by a high Gini coefficient of 0.712. Despite this vulnerability, deeper layers remain highly resilient — with over 90% of attacks halted by Layer 1 and fewer than 5% of episodes resulting in breaches beyond Layer 2. Trap deployment achieves high efficiency, with approximately 82% of traps being triggered, especially during early episodes. However, efficiency declines over time as attackers adapt and avoid traps. Resource allocation patterns scale linearly, ensuring sustainable defense operations. These findings validate how the fusion of Chakravyuh strategy with modern reinforcement learning creates an adaptive defense system, simultaneously exposing perimeter vulnerabilities for targeted reinforcement and demonstrating effective deeper-layer security through optimized stochastic policies.

随着对手变得越来越复杂，关键基础设施要求防御系统不仅要做出反应，还要动态学习和适应。这项工作引入了一种受古印度Chakravyuh构造启发的新型强化学习框架，将q学习、马尔可夫决策过程和网络优化集成到不确定性下的多层安全模型中。该系统允许攻击者尝试连续节点入侵，而防御者则部署自适应陷阱，并通过可量化的指标（包括roi驱动的投资和关键节点漏洞分析）分配资源。结果显示了漏洞和优势：普遍的第0层违规行为发生（平均违规时间= 52次），由于高基尼系数（0.712）量化的资源分配不均衡。尽管存在这些漏洞，但更深的层仍然具有很高的弹性——超过90%的攻击被第1层阻止，只有不到5%的事件导致第2层之外的漏洞。陷阱的部署效率很高，大约82%的陷阱被触发，尤其是在早期。然而，随着攻击者适应和避免陷阱，效率会随着时间的推移而下降。资源分配模式线性扩展，确保可持续的国防行动。这些发现验证了Chakravyuh策略与现代强化学习的融合如何创建一个自适应防御系统，同时暴露了针对性强化的外围漏洞，并通过优化的随机策略展示了有效的深层安全性。

{"title":"Dynamic optimization of multi-layered defenses inspired by Chakravyuh","authors":"Kishore Dutta","doi":"10.1016/j.ijcip.2025.100794","DOIUrl":"10.1016/j.ijcip.2025.100794","url":null,"abstract":"<div><div>As adversaries grow more sophisticated, critical infrastructure demands defense systems that not only react but also learn and adapt dynamically. This work introduces a novel reinforcement learning framework inspired by the ancient Indian <em>Chakravyuh</em> formation, integrating Q-learning, Markov decision processes, and network optimization to model multi-layered security under uncertainty. The system enables attackers to attempt sequential node breaches while defenders deploy adaptive traps and allocate resources through quantifiable metrics including ROI-driven investment and critical node vulnerability analysis. Results demonstrate both vulnerabilities and strengths: universal Layer 0 breaches occur (Mean Time to Breach = 52 episodes) due to uneven resource allocation quantified by a high Gini coefficient of 0.712. Despite this vulnerability, deeper layers remain highly resilient — with over 90% of attacks halted by Layer 1 and fewer than 5% of episodes resulting in breaches beyond Layer 2. Trap deployment achieves high efficiency, with approximately 82% of traps being triggered, especially during early episodes. However, efficiency declines over time as attackers adapt and avoid traps. Resource allocation patterns scale linearly, ensuring sustainable defense operations. These findings validate how the fusion of <em>Chakravyuh</em> strategy with modern reinforcement learning creates an adaptive defense system, simultaneously exposing perimeter vulnerabilities for targeted reinforcement and demonstrating effective deeper-layer security through optimized stochastic policies.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100794"},"PeriodicalIF":5.3,"publicationDate":"2025-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144919755","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0