Modeling and Assessing the Impacts of Cyber Threats on Interdependent Critical Infrastructures

  • Conference paper
Critical Infrastructure Protection XVII (ICCIP 2023)

Abstract

Critical infrastructures are complex networks with physical, geographical, logical and cyber interdependencies whose disruption can cause serious impacts to citizenry and society. Meanwhile, the use of information and communications technology to manage physical processes in critical infrastructure assets has significantly increased their cyber attack surfaces. The increased threats have led to the creation of national and international cyber security agencies to promote awareness of cyber threats and coordinate responses to cyber attacks.

In 2019, Italy set up the National Security Perimeter for Cyber, a regulatory construct that stipulates measures for guaranteeing the safety and security of public and private entities that provide essential functions and services. The law associated with the regulatory construct requires the covered entities to accurately describe their networks, information and communications technology systems and related services. The 2021 Italian legislation that established the National Cybersecurity Agency requires all National Security Perimeter for Cyber entities to inform the national agency about their assets. The National Cybersecurity Agency also collects detailed infrastructure information as well as reports about cyber attacks from the entities.

This chapter describes an ongoing research effort that supports Italian legislative requirements. In particular, it demonstrates how the consequences of cyber threats can be assessed in complex scenarios using an agent-based simulator that evaluates the National Cybersecurity Agency model under ransomware and distributed-denial-of-service attacks on interconnected Italian infrastructures.

Corresponding author

Correspondence to Stefano Panzieri.

Copyright information

© 2024 IFIP International Federation for Information Processing

About this paper

Cite this paper

Bonagura, V. et al. (2024). Modeling and Assessing the Impacts of Cyber Threats on Interdependent Critical Infrastructures. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XVII. ICCIP 2023. IFIP Advances in Information and Communication Technology, vol 686. Springer, Cham. https://doi.org/10.1007/978-3-031-49585-4_7

  • DOI: https://doi.org/10.1007/978-3-031-49585-4_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-49584-7

  • Online ISBN: 978-3-031-49585-4

  • eBook Packages: Computer Science (R0)
