International Journal of Critical Infrastructure Protection最新文献

While many countries and international organizations with maritime security interests and rights at sea have developed new security strategies or policies in the wake of the 9/11 terrorist attacks in the United States of America, they have accordingly changed or created new maritime security strategies or doctrines with appropriate Maritime Situational Awareness (MSA) models as well. Maritime deterioration, climate change, cyberattacks, serious and organized crime, epidemics, and state-made threats are just some of the new and growing concerns affecting maritime security. The sabotage of the Nord Stream gas pipelines in the Baltic Sea has given maritime security doctrines and frameworks a new dimension. In this article, the current maritime security approaches and maritime domain or situational awareness (MDA/MSA) model examples of some countries and international organizations from different geographic regions and also the ones that are located in the maritime choke point regions where global maritime trade routes are located and also the effects of the Nord Stream Pipelines sabotages on these are examined in light of the new threats and risks. The principle result reached in this study is that countries and international structures should have a cross governmental maritime security strategy, or at least a doctrine, in order to guide their own maritime situational awareness models and identify information sharing architectures. The most important result of the sabotages on Nord Stream Pipelines for MSA models in this study is that the fastest and most cost-effective method for protecting critical infrastructure under the seas is the concept of systems such as Mothership controlled autonomous and unmanned underwater vehicles, extra large unmanned undersea vehicles and Synthetic-aperture radar (SAR) satellites.

Contemporary societies are increasingly dependent on products and services provided by Critical Infrastructure (CI) such as power plants, energy distribution networks, transportation systems and manufacturing facilities. Due to their nature, size and complexity, such CIs are often supported by Industrial Automation and Control Systems (IACS), which are in charge of managing assets and controlling everyday operations.

As these IACS become larger and more complex, encompassing a growing number of processes and interconnected monitoring and actuating devices, the attack surface of the underlying CIs increases. This situation calls for new strategies to improve Critical Infrastructure Protection (CIP) frameworks, based on evolved approaches for data analytics, able to gather insights from the CI.

In this paper, we propose an Intrusion and Anomaly Detection System (IADS) framework that adopts forensics and compliance auditing capabilities at its core to improve CIP. Adopted forensics techniques help to address, for instance, post-incident analysis and investigation, while the support of continuous auditing processes simplifies compliance management and service quality assessment.

More specifically, after discussing the rationale for such a framework, this paper presents a formal description of the proposed components and functions and discusses how the framework can be implemented using a cloud-native approach, to address both functional and non-functional requirements. An experimental analysis of the framework scalability is also provided.

Critical infrastructure systems (CISs) play an essential role in modern society, as they are important for maintaining critical social functions, economic organisation, and national defence. Recently, CISs resilience has gained popularity in both academic and policy filed facing increased natural or technological disasters. Resilience assessments have become convenient and common tools for disaster management, as assessment results provide useful information to CIS managers. However, CISs resilience assessment is facing challenges of being practical to use in operational risk management.

Although there are many existing assessments for CISs resilience, some shortcomings relating to assessment criteria, which cannot turn resilience useful in practical operation, are frequent in their assessment process. Existing assessments are based on different definitions, which makes criteria generalization difficult. Besides, these assessments are not comprehensive enough. Especially, few assessments address both the cost, effectiveness, and safety of optimisation actions. Moreover, most of the suggested criteria are not specific enough for being used for practical CISs risk management in real cases.

This article develops therefore a multi-criteria framework (MCF) for CISs resilience, consisting of general criteria and a guide for defining specific sub-criteria. In this MCF, the side effects, cascading effects and cost-benefit in resilience scenarios are considered indispensable for CISs resilience assessment. The paper also presents an example of the application of the developed guide through two detailed scenarios, one on a single infrastructural system affected by a natural disaster, and the other addressing the interdependence of this infrastructural system and an urban healthcare system. The designed MCF contributes to the operationalisation and comprehensiveness of CISs resilience assessments.

Critical Infrastructures (CI) underpin the basic functioning of society and the economy. Proper governance of CI security management remains a crucial challenge. This study aims to construct a knowledge graph for modeling CI protection. While the previous research has focused on threat intelligence modeling and open knowledge bases, they miss considering the defense side. Accordingly, we propose a knowledge graph for critical infrastructure protection, CIPKG, that extends the management ontology to include the defense side. It addresses the cross-industry and cross-time information gaps that occur in the process of CI protection management, making it more comprehensive in structure than the existing knowledge graph. We employ simplified Structured Threat Information Expression as attack ontology and design a new ontology for the defense side, which could combine with the existing threat ontology to form the CI protection knowledge graph. To dynamically extract information from emerging knowledge, we employ a Bi-directional Long Short-Term Memory and Conditional Random Field model with pre-trained cybersecurity domain-specific Bidirectional Encoder Representations from Transformers to recognize the named entities from CI regulations and standards. To associate the threat part with the management portion of the knowledge graph, we adopt the Knowledge Graph Bidirectional Encoder Representations from Transformer model to capture the semantic information and predict the relationship between threat and management. After information extraction and relation prediction, we build a knowledge graph with 529,360 nodes and about 3,335,000 edges.