Critical Infrastructure Protection

Critical Infrastructure: You Get What You Pay For


Programmable Logic Controllers (PLCs) have proliferated into multiple commercial sectors, including critical infrastructure applications. PLCs often manage resources that offer high-impact targets but with a lackadaisical treatment of security—a recipe for trouble. This paper proposes a misuser-driven approach for PLC assessment.

Leveraging Virtualization Technologies to Improve SCADA ICS Security


In recent years, Supervisory Control and Data Acquisition (SCADA) Industrial Control Systems (ICS)—systems used for controlling industrial processes, power plants, or assembly lines—have become a serious concern because of security and manageability issues.

A Process for the Identification of Security Risks from Critical Infrastructure Interdependencies


Traditional security risk assessment takes a broad asset-based view of organizations. The risk identification process therefore focuses on well-known threats and vulnerabilities to static and discrete assets that fall within the scope of organizational boundaries under investigation. It does not offer a methodology or framework that systematically deals with risks that arise from the complex interdependencies among the critical infrastructures. To support this proposition, this paper conducts a systematic analysis of the security risks resulting from logical, cyber, geographical and physical interdependencies between telecommunications and power infrastructures.

U.S. Energy Sector Cybersecurity: Hands-off Approach or Effective Partnership?


Recent reporting has identified significant threats to the U.S. energy sector's critical infrastructure from nation states and other groups through cyberspace. Efforts to improve the security and resilience of U.S. energy infrastructure rely upon voluntary partnerships between the U.S. Government and public and private energy infrastructure owners.

Vulnerability Analysis in Critical Infrastructure Protection


This paper describes a novel approach to critical infrastructure vulnerability analysis and risk assessment that applies to sectors that can be represented as networks. The method, called model-based vulnerability analysis (MBVA), is based on a combination of scale-free network theory and fault-tree/event-tree analysis. MBVA incorporates two new optimal resource allocation equations: one for minimizing fault occurrences, and a second equation for minimizing financial risk. The method has been successfully used to identify vulnerabilities in sectors as diverse as water, energy, telecommunications, and power grids.

A Tale of Two Cities: Approaches to Counter-Terrorism and Critical Infrastructure Protection in Washington, DC and Canberra


All nations undertake a variety of activities to protect their citizens from the threat posed by terrorism. In the last decade, the requirements of effective counter-terrorism (CT) policy have become more demanding as the result of the changing nature of global terrorism, and the challenges posed by the requirement to protect vulnerable critical national infrastructures (CNI). (Since the events of 11 September 2001, of these policies has taken on an unprecedented importance.) But the approaches taken by different nations regarding national CT and critical infrastructure protection (CIP) policies have varied considerably. In this paper, the authors will examine the approaches to CT and CIP policies adopted by two nations – the United States and Australia – both before and after 11 September 2001. The paper concludes by proposing explanations for the different approaches in CT and CIP policies adopted by the United States and Australia.

Is Task Force Smith Rushing To An Electronic Pearl Harbor?


The United States of America remains ill-prepared against cyberattack in spite of years of well-documented and well-publicized warnings by governmental and non-governmental organizations. The result is the extreme vulnerability of the U.S. to attack in cyberspace by its opponents, with severe consequences for the U.S. infrastructure and economy. This paper examines why the ill-preparedness of the U.S. for cyberattack is a serious problem, and presents a brief history of this problem with an emphasis on the most recent three years, the ongoing measures to solve this problem, recommended solutions, and a conclusion.

International Coordination to Increase the Security of Critical Network Infrastructures


‘All our infrastructures are increasingly dependent on information and communications systems that criss-cross the nation and span the globe. That dependence is the source of rising vulnerabilities…’ (PCCIP, 1997). Improving the security of these infrastructures requires coordination within and among organizations and nations. In this paper, we discuss five areas that demonstrate the value of international coordination: standardization, information sharing, halting attacks in progress, legal coordination, and providing aid to developing nations. International approaches to coordination in these areas should be matched with appropriate national strategies to secure network-connected infrastructures more effectively.

Information Operations – A Swedish View


This paper touches upon Swedish views of how to organize traditional domestic responsibilities to better catch up with emerging IT-related threats. This paper stresses the need for developed forms of public-private co-operation. It also discusses new ways of handling crises and conflicts, as well as of enforcing sanctions in the international arena.

An Emergent Security Risk: Critical Infrastructures and Information Warfare


This paper examines the emergent security risk that information warfare poses to critical infrastructure systems, particularly as governments are increasingly concerned with protecting these assets against attack or disruption. Initially it outlines critical infrastructure systems and the notion of information warfare. It then discusses the potential implications and examines the concerns and vulnerabilities such cyber attacks would pose, utilising exemplar online attack occurrences. It then examines the current Australian situation before suggesting some considerations to mitigate the potential risk that information warfare poses to critical infrastructure systems and, by association, to government, industry and the wider community.

Results from a SCADA-Based Cyber Security Competition


On April 1, 2011, Regis University hosted the 7th Computer and Network Vulnerability Assessment Simulation (CANVAS) competition with a turnout of 68 event competitors and at least two dozen faculty and spectators. The event was a major success. The competition sought primarily to introduce a Critical Infrastructure Protection (CIP) theme to a cyber competition to raise awareness of these types of attacks. This paper will discuss the goals and intricacies of developing the CANVAS cyber competition, including technical details, extensibility of CIP-focused cyber competitions, as well as the continued development and value of CIP simulation infrastructure.

Strategies for Combating Sophisticated Attacks


Industrial control systems (ICS) monitor and control the processes of public utility infrastructures that society depends on—the electric power grid, oil and gas pipelines, transportation and water facilities. Attacks that impact the operations of these critical assets could have devastating consequences. Yet, the complexity and desire to interconnect ICS components have introduced vulnerabilities and attack surfaces that previously did not exist. Cyber attacks are increasing in sophistication and have demonstrated an ability to cross over and create effects in the physical domain. Most notably, ICS associated with the critical infrastructure have proven susceptible to sophisticated, targeted attacks.

Critical Infrastructure Protection Policy: The Israeli Experience


This article presents the Critical Infrastructure Protection (CIP) policy in Israel and analyses its evolution. Israel established a centralist national critical infrastructure protection system in late 2002, which was implemented rather harmoniously. However, the evolving cyber-environment has led to renewed discussions. After years of discontent, a comprehensive review of national cyber-posture was conducted in 2011. Significant policy changes, fostering coordinated cooperation between public, security, academic, and private sectors, are now in progress. This examination of the Israeli CIP approach may assist policy-making in other countries.

