CIPSEC-Enhancing Critical Infrastructure Protection with Innovative Security Framework

Abstract

In the recent years, the majority of the world’s Critical Infrastructures (CIs) have evolved to be more flexible, cost efficient and able to offer better services and conditions for business growth. Through this evolution, CIs and companies offering CI services had to adopt many of the recent advances CIPSEC-Enhancing Critical Infrastructure Protection of the Information and Communication Technologies (ICT) field. This rapid adaptation however, was performed without thorough evaluation of its impact on CIs’ security. It resulted into leaving CIs vulnerable to a new set of threats and vulnerabilities that impose high levels of risk to the public safety, economy and welfare of the population. To this extend, the main approach for protecting CIs includes handling them as comprehensive entities and offer a complete solution for their overall infrastructures and ICT systems (IT&OT departments). However, complete CI security solutions exist, in the form of individual products from IT security companies. These products, integrate only in-house designed and developed tools/solutions, thus offering a limited range of technical solutions. The main aim of CIPSEC is to create a unified security framework that orchestrates state-of-the-art heterogeneous security products to offer high levels of protection in IT (information technology) and OT (operational technology) departments of CIs, also offering a complete security ecosystem of additional services. These services include vulnerability tests and recommendations, key personnel training courses, public-private partnerships (PPPs), forensics analysis, standardization activities and analysis against cascading effects.

Peer Reviewed

Postprint (published version)