Abstract
This paper presents a new approach to analyse cybersecurity challenges and opportunities, focused on the development of a new risk assessment and management framework. Such a multi-sector assessment framework should be able to evaluate and prioritize cybersecurity risks in trans-sectoral and inter-sectoral contexts. It leads toward proper resource allocations and mitigation actions. To achieve this goal, the analysis of existing risk assessment and management frameworks was performed. Also, an overview on common multi-sectoral technological challenges and opportunities were provided being derived from sector-specific use cases as well as transversal and inter-sectoral challenges and opportunities. As a result of this analysis the architecture of the ECHO Multi-sector Assessment Framework was proposed. The identified technological challenges and opportunities, multi-sector dependencies, and transversal aspects determine the input data for the new framework. The architecture is applicable in healthcare, energy, maritime transportation, and defence sectors, being extensible to others. The framework enables the definition of governance models or the design of cybersecurity technology roadmaps.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Tselkov, V.: A glance at the general personal data protection regulation. In: Proceedings of the International Scientific Conference on European Union policy on the protection of information and personal data, Shumen, pp. 209–214 (2018)
Iliev, R., Genchev, A.: Information security and cybersecurity of corporate information systems. In: Proceedings of the HEMUS International Scientific Conference, Plovdiv (2018)
Nikolov, A., Hristozov, I.: Issues and challenges for the development of a national system for cybersecurity. Mil. J. 3, 7–13 (2015)
Cybersecurity in Europe: stronger rules and better protection. https://www.consilium.europa.eu/en/policies/cybersecurity/. Accessed 26 Feb 2020
ECHO Project Website. https://echonetwork.eu. Accessed 02 Feb 2020
Niemiec, M., Jaglarz, P., Jekot, M., Chołda, P., Boryło, P.: Risk assessment approach to secure northbound interface of SDN networks. In: 2019 International Conference on Computing, Networking and Communications (ICNC), Honolulu (2019)
D2.2 ECHO Multi-Sector Assessment Framework. ECHO project consortium (2019)
ISO 31000:2018 Risk management—Guidelines. https://www.iso.org/standard/65694.html. Accessed 28 Feb 2020
The TOGAF Standard. https://publications.opengroup.org/c182. Accessed 28 Feb 2020
NIST Special Publication 800-30 Guide for Conducting Risk Assessments. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf. Accessed 28 Feb 2020
MEHARI Overview. http://meharipedia.x10host.com/wp/wp-content/uploads/2019/05/MEHARI-Overview-2019.pdf. Accessed 28 Feb 2020
MAGERIT v.3: Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información. https://administracionelectronica.gob.es/pae_Home/pae_Documentacion/pae_Metodolog/pae_Magerit.html?idioma=en#.Xl1XC0pCdPY. Accessed 28 Feb 2020
D2.4 Inter-Sector Technology Challenges And Opportunities. ECHO project consortium (2020)
Nai-Fovino, I., et al.: A Proposal for a European Cybersecurity Taxonomy. Publications Office of the European Union (2019)
Mikolic-Torreira, I., et al.: Cybersecurity policy options, RAND Corporation (2016)
Moulinos, K., Drougkas, A., Dellios, K., Kasse, P.: Good practices on interdependencies between OES and DSPs, ENISA (2018)
Global research shows AI will shape 2020 tech but pose potential risks. https://www.contracts.mod.uk/do-uk-and-international-news/global-research-shows-ai-will-shape-2020-tech-but-pose-potential-risks/. Accessed 15 Feb 2020
Mattioli, R., Moulinos, K.: Communication network interdependencies in smart grids, ENISA (2015)
Egozcue, E., Herreras Rodríguez, D., Ortiz, J., Fidalgo Villar, V., Tarrafeta, L.: Smart Grid Security Recommendations, ENISA (2012)
D2.5 Multi-sector Requirements Definition and Demonstration Cases, ECHO project consortium (2020)
D2.1 Sector Scenarios and Use Case Analysis. ECHO project consortium (2019)
D2.3 Transversal Cybersecurity Challenges and Opportunities. ECHO project consortium (2019)
Acknowledgements
This work has been funded by the European Union’s Horizon 2020 Research and Innovation Programme, under Grant Agreement no. 830943, the ECHO project and partially by the European Union’s Horizon 2020 Research and Innovation Program under Grant Agreement no. 830927, the CONCORDIA project.
The authors would like to thank all partners involved in ECHO project who contributed to WP2 deliverables D2.1, D2.2, D2.3, D2.4, and D2.5.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Pappalardo, S.M., Niemiec, M., Bozhilova, M., Stoianov, N., Dziech, A., Stiller, B. (2020). Multi-sector Assessment Framework – a New Approach to Analyse Cybersecurity Challenges and Opportunities. In: Dziech, A., Mees, W., Czyżewski, A. (eds) Multimedia Communications, Services and Security. MCSS 2020. Communications in Computer and Information Science, vol 1284. Springer, Cham. https://doi.org/10.1007/978-3-030-59000-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-59000-0_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58999-8
Online ISBN: 978-3-030-59000-0
eBook Packages: Computer ScienceComputer Science (R0)