Preliminary design of a new approach to choose cyber exercise methodologies for critical infrastructures
Pages 40 - 45
Abstract
The Critical Infrastructures (CIs) whose assets, systems, and networks, whether physical or virtual, are considered so vital to the whole world that their loss or destruction would have a crucial effect on security, national economic security, or safety, or any combination of them. Therefore, security training and awareness is a very important security control for CIs, whose operators and administrators should be continuously trained to be ready to face emergencies, like cyber-attacks. For this reason, it is considered necessary and demanding that the CIs should participate in cyber exercises, which offer such training and preparation to face cyber-attacks. Since several cyber security exercises methodologies have been developed by various organizations, the question is which cyber exercise methodology is more suitable for CIs. This research compares the most known cyber security exercise methodologies and proposes a new way to assist the operators in choosing the most appropriate cyber exercise according to their evolving needs.
References
[1]
BMI (2008). "Appendices to the Concept of IT Emergency and Crisis Exercises in Critical Infrastructures", www.bmi.bund.de, last accessed 06/10/2018.
[2]
BMI (2008). "IT Emergency and Crisis Exercises in Critical Infrastructures", www.bmi.bund.de, last accessed 06/10/2018.
[3]
BMI (2011). "Guideline for Strategic Crisis Management Exercises", www.bbk.bund.de, last accessed 06/10/2018.
[4]
C. Alcaraz, and J. Lopez, "Wide-Area Situational Awareness for Critical Infrastructure Protection", IEEE Computer, vol. 46, pp. 30--37, 2013.
[5]
C. Czosseck, R. Ottis and A. Talihärm, (2007). "Estonia After the 2007 Cyber Attacks: Legal, Strategic and Organisational Changes in Cyber Security", www.igi-global.com/article/estonia-after-2007-cyber-attacks/61328, last accessed 06/10/2018.
[6]
C. W. Johnson (2012). "Preparing for cyber-attacks on Air Traffic Management infrastructures: Cyber-safety scenario generation", 7th IET International Conference on System Safety, incorporating the Cyber Security Conference 2012, ISBN: 978-1-84919-678-9.
[7]
E. Sitnikova, E. Foo, R. B. Vaughn (2009). "The Power of Hands-On Exercises in SCADA Cyber Security Education", WISE 2009: Information Assurance and Security Education and Training pp 83--94, Springer.
[8]
ENISA Report (2009). "Good Practice Guide on National Exercises - Enhancing the Resilience of Public Communications Networks", www.enisa.europa.eu/publications/national-exercise-good-practice-guide/, last accessed 06/10/2018.
[9]
ENISA Report (2014). "Comparative study on the cyber crisis management and the general crisis management". ISBN 978-92-9204-100-7.
[10]
ENISA Report (2015). "ENISA Threat Landscape 2014", http://www.enisa.europa.eu/activities/risk-management/evolving-threatenvironment/enisa-threat-landscape/enisa-threat-landscape-2014, last accessed 06/10/2018.
[11]
ENISA Report (2016). "Ad-hoc & sensor networking for M2M Communications Threat Landscape and Good Practice Guide", https://www.enisa.europa.eu/publications/m2m-communications-threat-landscape, last accessed 06/10/2018.
[12]
G. B. White, G. Dietrich, T. Goles (2004). "Cyber Security Exercises: Testing an Organization's Ability to Prevent, Detect, and Respond to Cyber Security Events", Proceedings of the 37<sup>th</sup> HICSS.
[13]
G. Makrodimitris, C. Douligeris (2015). "Towards a successful exercise implementation - Case Study of exercise methodologies", "Human Aspects of Information Security, Privacy, and Trust", HAS 2015, LNCS 9190, pp. 1--12, 2015.
[14]
HERMES (2004). "Management and Execution of projects in Information and Communication Technologies", www.bbl.admin.ch/bundespublikationen, last accessed 06/10/2018.
[15]
HERMES OEx (2004). "Guidelines for the organisation of exercises", www.hermesoex.ch, last accessed 06/10/2018.
[16]
Homeland Security (2013), "Homeland Security Exercise and Evaluation Program", https://www.fema.gov/media-library/assets/documents/32326, last accessed 06/10/2018.
[17]
ISO/IEC: 22398 (2011). Societal security --- Guidelines for exercises and testing, http://www.iso.org, last accessed 06/10/2018.
[18]
J. Kick (2014). "Cyber Exercise Playbook", The MITRE Corporation, https://www.mitre.org/sites/default/files/publications/pr_14-3929-cyber-exercise-playbook.pdf, last accessed 06/10/2018.
[19]
MSB (2010). "Guide to Increased Security in Industrial Control Systems", ISBN: 978-91-7383-089-8.
[20]
MSB (2011). "Handbook - Evaluation of Exercises", ISBN 978-91-7383-127-7.
[21]
NIST (2006). "Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities", Special Publication 800--84.
[22]
OMB (2000). "Appendix III to OMB Circular No. A-130 - Security of Federal Automated Information Resources", http://csrc.nist.gov/drivers/documents/appendix_iii.pdf, last accessed 06/10/2018.
[23]
R. M. Clark, S. Hakim (2017). "Cyber-Physical Security, Protecting Critical Infrastructure at the State and Local Level", Springer, ISBN 978-3-319-32822-5.
[24]
T. Reed, K. Nauer, A. Silva (2013). "Instrumenting Competition-Based Exercises to Evaluate Cyber Defender Situation Awareness". In: Schmorrow D.D., Fidopiastis C.M. (eds) Foundations of Augmented Cognition. AC 2013. Lecture Notes in Computer Science, vol 8027. Springer, Berlin, Heidelberg.
Index Terms
- Preliminary design of a new approach to choose cyber exercise methodologies for critical infrastructures
Recommendations
Towards a Successful Exercise Implementation --- A Case Study of Exercise Methodologies
Proceedings of the Third International Conference on Human Aspects of Information Security, Privacy, and Trust - Volume 9190The entire world faces various threats, with a significantly increasing rate. These threats are associated with international terrorism, natural catastrophes, power cuts due to cyber-attacks etc. Without doubt there is a need that an industrial or ...
Critical Infrastructures: IT Security and Threats from Private Sector Ownership
The critical infrastructures of industrialized countries depend on an interconnected “system of systems” that physically spans the globe and exists virtually everywhere. Often, the governments and industries responsible for the critical infrastructures ...
Guide to developing case-based attack scenarios and establishing defense strategies for cybersecurity exercise in ICS environment
AbstractCritical infrastructure mainly performs its role through an industrial control system (ICS). Organizations conduct cyber exercises between red and blue teams, focusing on offense and defense. Practical exercises require explicit attack scenarios ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
November 2018
336 pages
ISBN:9781450366106
DOI:10.1145/3291533
- Editors:
- Karanikolas Nikitas,
- Mamalis Basilis,
- General Chairs:
- Kontos John,
- Pantziou Grammati,
- Gritzalis Stefanos,
- Douligeris Christos
Copyright © 2018 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 29 November 2018
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
PCI '18
Acceptance Rates
PCI '18 Paper Acceptance Rate 57 of 105 submissions, 54%;
Overall Acceptance Rate 190 of 390 submissions, 49%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 111Total Downloads
- Downloads (Last 12 months)7
- Downloads (Last 6 weeks)0
Reflects downloads up to 12 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in