Theo Spyridopoulos Theo.Spyridopoulos@uwe.ac.uk
Occasional Associate Lecturer - CSCT FET
Critical infrastructure cyber-security risk management
Spyridopoulos, Theodoros; Maraslis, Konstantinos; Tryfonas, Theo; Oikonomou, George
Authors
Konstantinos Maraslis
Theo Tryfonas
George Oikonomou
Contributors
Maura Conway (Editor)
Lee Jarvis (Editor)
Orla Lehane (Editor)
Stuart Macdonald (Editor)
Lella Nouri (Editor)
Abstract
Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly adaptations of such traditional approaches. Additionally, conventional methods fail to adequately address the increasing threat environment and the highly interdependent critical nature of ICSs, while proposed methods by the research community are as yet far from providing a solution. The importance of securely managing ICS infrastructures is growing, as they are systems embedded in critical national infrastructure (e.g. city traffic light controls) and thus a potentially attractive target for organized cyber-criminals and terrorists. In this chapter we present a novel approach that combines Stafford Beer’s Viable System Model (VSM) with Game Theory in order to develop a risk management process that addresses the above issues. The model we develop provides a holistic, cost-efficient cyber-security solution that takes into account interdependencies of critical components as well as the potential impact of different attack strategies.
Publication Date | Jun 1, 2017 |
---|---|
Deposit Date | Oct 20, 2017 |
Publicly Available Date | Oct 20, 2017 |
Peer Reviewed | Peer Reviewed |
Volume | 136 |
Pages | 59-76 |
Series Title | NATO Science for Peace and Security Series - E: Human and Societal Dynamics |
Book Title | Terrorists' Use of the Internet |
ISBN | 9781614997641 |
DOI | https://doi.org/10.3233/978-1-61499-765-8-59 |
Keywords | critical infrastructure, cyber-security risk management, industrial control systems, cyber-security, game theory, viable system model |
Public URL | https://uwe-repository.worktribe.com/output/886727 |
Publisher URL | http://dx.doi.org/10.3233/978-1-61499-765-8-59 |
Related Public URLs | http://ebooks.iospress.nl/volumearticle/46544 |
Contract Date | Oct 20, 2017 |
Files
Critical Infrastructure Cyber-security Risk Management (1).pdf
(2 Mb)
PDF
Critical Infrastructure Cyber-security Risk Management .docx
(2.6 Mb)
Document