Abstract
This paper reports on the presentation and discussion held during the Cybersecurity of Critical Infrastructures workshop, organized as part of the 18th IFIP Summer School on Privacy and Identity Management, and points to several promising future research directions. The workshop was primarily aimed at empowering PhD candidates, MSc students, and early-career researchers with insights into Critical Infrastructure (CI) security. It provided participants with guidance on navigating the intricacies of safeguarding CIs, such as those in the energy and oil and gas sectors. It encompassed various aspects, from familiarizing participants with cybersecurity standards and frameworks to understanding the tools and approaches that adversaries might leverage to target a system. It also addressed how to mitigate socio-legal implications and security issues, particularly in relation to human factors. The initiative embraced a holistic approach to cybersecurity education, covering vital components such as rigorous risk management and comprehensive cybersecurity training and awareness programs. This, in turn, would equip participants with some essential knowledge and skills to fortify critical operations against the ever-evolving cyber threat landscape.
L. Erdődi, N. Lau and S.H. Houmb—These authors contributed equally to this work.
Acknowledgments
The workshop organizers would like to thank the speakers for their interesting talks and for sharing their insights, as well as the participants for making this event possible. Moreover, we would also like to thank the 18th IFIP Summer School on Privacy and Identity Management organizers for providing an opportunity to organize this workshop in conjunction with a prestigious summer school.
This was supported by the RECYCIN (Reinforcing Competence in Cybersecurity of Critical Infrastructures: A Norway - US Partnership; #309911) project, funded by the Research Council of Norway.
Copyright information
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
Akbarzadeh, A. et al. (2024). Workshop on Cybersecurity of Critical Infrastructures. In: Bieker, F., de Conca, S., Gruschka, N., Jensen, M., Schiering, I. (eds) Privacy and Identity Management. Sharing in a Digital World. Privacy and Identity 2023. IFIP Advances in Information and Communication Technology, vol 695. Springer, Cham. https://doi.org/10.1007/978-3-031-57978-3_21
DOI: https://doi.org/10.1007/978-3-031-57978-3_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57977-6
Online ISBN: 978-3-031-57978-3
eBook Packages: Computer Science (R0)