Visible to the public Threat awareness for critical infrastructures resilience

TitleThreat awareness for critical infrastructures resilience
Publication TypeConference Paper
Year of Publication2016
AuthorsGouglidis, A., Green, B., Busby, J., Rouncefield, M., Hutchison, D., Schauer, S.
Conference Name2016 8th International Workshop on Resilient Networks Design and Modeling (RNDM)
Date Publishedsep
KeywordsContext, critical infrastructure resilience, critical infrastructures, data protection, Europe, European utility company, integrated circuits, Market research, pubcrawl, public utilities, resilience, Resiliency, Resilient Security Architectures, security, security awareness, security of data, security risk, Smart grids, Social Engineering, software architecture, threat awareness, threat awareness architecture, utility network protection
Abstract

Utility networks are part of every nation's critical infrastructure, and their protection is now seen as a high priority objective. In this paper, we propose a threat awareness architecture for critical infrastructures, which we believe will raise security awareness and increase resilience in utility networks. We first describe an investigation of trends and threats that may impose security risks in utility networks. This was performed on the basis of a viewpoint approach that is capable of identifying technical and non-technical issues (e.g., behaviour of humans). The result of our analysis indicated that utility networks are affected strongly by technological trends, but that humans comprise an important threat to them. This provided evidence and confirmed that the protection of utility networks is a multi-variable problem, and thus, requires the examination of information stemming from various viewpoints of a network. In order to accomplish our objective, we propose a systematic threat awareness architecture in the context of a resilience strategy, which ultimately aims at providing and maintaining an acceptable level of security and safety in critical infrastructures. As a proof of concept, we demonstrate partially via a case study the application of the proposed threat awareness architecture, where we examine the potential impact of attacks in the context of social engineering in a European utility company.

URLhttp://ieeexplore.ieee.org/document/7608287/
DOI10.1109/RNDM.2016.7608287
Citation Keygouglidis_threat_2016