Critical Information Infrastructures

This book constitutes the revised selected papers of the 14th International Conference on Critical Information Infrastructures Security, CRITIS 2019, held in Linköping, Sweden, in September 2019. The 10 full papers and 5 short papers presented were carefully reviewed and selected from 30 submissions. They are grouped in the following topical sections: Invited Papers, Risk Management, Vulnerability Assessment, Resilience and Mitigation Short Papers, and Industry and Practical Experience Reports.

The increased use of technology is necessary in order for industrial control systems to maintain and monitor industrial, infrastructural, or environmental processes. The need to secure and identify threats to the system is equally critical. Securing Critical Infrastructures and Critical Control Systems: Approaches for Threat Protection provides a full and detailed understanding of the vulnerabilities and security threats that exist within an industrial control system. This collection of research defines and analyzes the technical, procedural, and managerial responses to securing these systems.

The present volume aims to provide an overview of the current understanding of the so-called Critical Infrastructure (CI), and particularly the Critical Information Infrastructure (CII), which not only forms one of the constituent sectors of the overall CI, but also is unique in providing an element of interconnection between sectors as well as often also intra-sectoral control mechanisms. The 14 papers of this book present a collection of pieces of scientific work in the areas of critical infrastructure protection. In combining elementary concepts and models with policy-related issues on one hand and placing an emphasis on the timely area of control systems, the book aims to highlight some of the key issues facing the research community.

This book constitutes the post-conference proceedings of the 11th International Conference on Critical Information Infrastructures Security, CRITIS 2016, held in Paris, France, in October 2016. The 22 full papers and 8 short papers presented were carefully reviewed and selected from 58 submissions. They present the most recent innovations, trends, results, experiences and concerns in selected perspectives of critical information infrastructure protection covering the range from small-scale cyber-physical systems security via information infrastructures and their interaction with national and international infrastructures.

All critical infrastructures are increasingly dependent on the information infrastructure for information management, communications, and control functions. Protection of the critical information infrastructure (CIIP), therefore, is of prime concern. To help with this step, the National Academy of Engineering asked the NRC to assess the various legal issues associated with CIIP. These issues include incentives and disincentives for information sharing between the public and private sectors, and the role of FOIA and antitrust laws as a barrier or facilitator to progress. The report also provides a preliminary analysis of the role of criminal law, liability law, and the establishment of best practices, in encouraging various stakeholders to secure their computer systems and networks.

Basic services such as electricity, transportation, mobile communication and banking are the core infrastructures on which modern societies and economies rest. The seamless functioning of these critical information infrastructures is essential for the social and economic development and well-being of a nation-state. Recent developments in the cyber domain have unearthed a whole new dimension of security attributing to underlying vulnerabilities and interdependencies. The exploitation of these vulnerabilities in the different layers of cyber architecture, serve different objectives of nation-states, terror outfits and criminal syndicates. Despite the best of technology, management as well as security policies and practices at a nation-state's disposal, it is practically impossible to secure all critical elements of infrastructure against all odds. This monograph delves into the various aspects of definitions and understandings of critical information infrastructure and explores the threat actors, perspectives and trends in the emerging practice of critical information infrastructure protection.

The world moves on Critical Information Infrastructures, and their resilience and protection is of vital importance. Starting with some basic definitions and assumptions on the topic, this book goes on to explore various aspects of Critical Infrastructures throughout the world – including the technological, political, economic, strategic and defensive. This book will be of interest to the CEO and Academic alike as they grapple with how to prepare Critical Information Infrastructures for new challenges.

This book constitutes the refereed proceedings of the 16th International Conference on Critical Information Infrastructures Security, CRITIS 2021, which took place in Lausanne, Switzerland, during September 27-29, 2021. The 12 full papers included in this volume were carefully reviewed and selected from 42 submissions. They were organized in topical sections as follows: protection of cyber-physical systems and industrial control systems (ICS); C(I)IP organization, (strategic) management and legal aspects; human factor, security awareness and crisis management for C(I)IP and critical services; and future, TechWatch and forecast for C(I)IP and critical services.