How to assess future security threats to critical infrastructure systems? Lessons learnt and best practices from a security risk assessment of the ERTMS in Norway

The term “Cloud Computing” has become very common in our daily life. Cloud computing has emerged with promises to decrease the cost of computing implementation and deliver the computing as service, where the clients pay only for what he needed and used. However, due to the new structure of the cloud computing model, several security concerns have been raised and many other security threats have been needed to be reevaluated according to the cloud structure. Besides, the traditional security risk assessment methods become unfit for cloud computing model due to its new distinguished characteristics. In this paper, we analysis the traditional information security risk assessment methods’ ability to assess the security risks in cloud computing environments.

Download Full-text

Seismic risk assessment of interdependent critical infrastructure systems: The case of European gas and electricity networks

Earthquake Engineering & Structural Dynamics ◽

10.1002/eqe.1118 ◽

2011 ◽

Vol 41 (1) ◽

pp. 61-79 ◽

Cited By ~ 88

Author(s):

Karmen Poljanšek ◽

Flavio Bono ◽

Eugenio Gutiérrez

Keyword(s):

Risk Assessment ◽

Seismic Risk ◽

Critical Infrastructure ◽

Seismic Risk Assessment ◽

Infrastructure Systems ◽

Electricity Networks ◽

Critical Infrastructure Systems

Download Full-text

Cyber Physical Systems Security for Maritime Assets

Journal of Marine Science and Engineering ◽

10.3390/jmse9121384 ◽

2021 ◽

Vol 9 (12) ◽

pp. 1384

Author(s):

Iosif Progoulakis ◽

Paul Rohmeyer ◽

Nikitas Nikitakos

Keyword(s):

Risk Assessment ◽

Cyber Security ◽

Cyber Physical Systems ◽

Assessment Tools ◽

Security Threats ◽

Maritime Industry ◽

Security Risk ◽

Physical Security ◽

Physical Systems ◽

Security Risk Assessment

The integration of IT, OT, and human factor elements in maritime assets is critical for their efficient and safe operation and performance. This integration defines cyber physical systems and involves a number of IT and OT components, systems, and functions that involve multiple and diverse communication paths that are technologically and operationally evolving along with credible cyber security threats. These cyber security threats and risks as well as a number of known security breach scenarios are described in this paper to highlight the evolution of cyber physical systems in the maritime domain and their emerging cyber vulnerabilities. Current industry and governmental standards and directives related to cyber security in the maritime domain attempt to enforce the regulatory compliance and reinforce asset cyber security integrity for optimum and safe performance with limited focus, however, in the existing OT infrastructure and systems. The use of outside-of-the-maritime industry security risk assessment tools and processes, such the API STD 780 Security Risk Assessment (SRA) and the Bow Tie Analysis methodologies, can assist the asset owner to assess its IT and OT infrastructure for cyber and physical security vulnerabilities and allocate proper mitigation measures assuming their similarities to ICS infrastructure. The application of cyber security controls deriving from the adaptation of the NIST CSF and the MITRE ATT&CK Threat Model can further increase the cyber security integrity of maritime assets, assuming they are periodically evaluated for their effectiveness and applicability. Finally, the improvement in communication among stakeholders, the increase in operational and technical cyber and physical security resiliency, and the increase in operational cyber security awareness would be further increased for maritime assets by the convergence of the distinct physical and cyber security functions as well as onshore- and offshore-based cyber infrastructure of maritime companies and asset owners.

Download Full-text