Research article, DOI: 10.1145/2797143.2797146

Security and Protection of Critical Infrastructures: A Conceptual and Regulatory Overview for Network and Information Security in the European Framework, also focusing upon the Cloud Perspective

Published: 25 September 2015

Abstract

In the present work we aim to identify the importance of promoting, establishing and effectively developing suitable measures for protecting and supporting modern critical infrastructures (CIs), as these are essential parts of our modern societies and economies. We first discuss and analyze, in depth, the necessary conceptual definitions together with all related policy initiatives and other corresponding approaches globally, with particular emphasis on the European environment. As CIs are fundamental elements, or modules, for growth and development, the modern European strategy framework calls for suitable measures to fulfil that purpose, in particular for assessing any potential risks that may harm the proper functioning, or even the viability, of such important infrastructures. We then focus on the multi-faceted challenges of ensuring an appropriate level of network and information security (NIS) and protection within the broader CI environment. We discuss in detail and assess a wide variety of issues affecting the proper role of IT tools and related facilities as an indispensable part of CI protection in modern EU policy. We then concentrate on the option of considering the cloud as a means of supporting the IT that serves CI protection. The opportunities opened by the innovations of cloud computing are discussed together with the associated threats. Critical infrastructure providers have stringent security assurance and resilience requirements that reflect business, regulatory and legal obligations. To ensure these are properly met when providers use the cloud, techniques for assurance evaluation have to be produced.
In this context we also refer to the specific initiatives structured and developed within the scope of the EU-funded SECCRIT research program, which represent a first significant attempt to deal with that major challenge.

Published In

EANN '15: Proceedings of the 16th International Conference on Engineering Applications of Neural Networks (INNS)
September 2015
266 pages
ISBN: 9781450335805
DOI: 10.1145/2797143

In-Cooperation

  • Aristotle University of Thessaloniki
  • INNS: International Neural Network Society

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Cloud Computing
  2. Critical Information Infrastructure (CII)
  3. Critical Infrastructure (CI)
  4. Critical Infrastructure Protection (CIP)
  5. European Critical Infrastructure (ECI)
  6. Legal European Framework
  7. Network and Information Security (NIS)
  8. Resilience
  9. Security

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

16th EANN workshops

Acceptance Rates

EANN '15 Paper Acceptance Rate 36 of 60 submissions, 60%;
Overall Acceptance Rate 36 of 60 submissions, 60%
