In the twenty-first century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today’s critical infrastructures are operated by non-computer experts, e.g. nurses in health care, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g. firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, among others.
• We review the literature on the six urban critical infrastructure networks (CINs).
• For the six CINs, the resilience definitions, hazard categories, methodologies, and enhanced measures are summarized in detail.
• The research challenges and future directions are presented.
With the rise of the resilience concept, scholars and practitioners have paid increasing attention to the resilient city, which has become a new means of coping with hazards. As the cornerstone of modern cities, urban critical infrastructure networks (CINs) are prerequisites for resilient cities due to the huge economic losses and social impacts caused by their incapacities. In recent years, research on the resilience of CINs has increased considerably, resulting in various resilience definitions, approaches, and enhanced strategies. This work reviews literature on six CINs, namely, water, drainage, gas, transportation, electric, and communication networks. The resilience definitions, hazard categories, methodologies, and enhanced measures for each CIN are analyzed in detail. Research challenges and future directions are also presented.
Models for understanding and holding systems accountable have long rested upon ideals and logics of transparency. Being able to see a system is sometimes equated with being able to know how it works and govern it—a pattern that recurs in recent work about transparency and computational systems. But can “black boxes” ever be opened, and if so, would that ever be sufficient? In this article, we critically interrogate the ideal of transparency, trace some of its roots in scientific and sociotechnical epistemological cultures, and present 10 limitations to its application. We specifically focus on the inadequacy of transparency for understanding and governing algorithmic systems and sketch an alternative typology of algorithmic accountability grounded in constructive engagements with the limitations of transparency ideals.
As the deployment of the Internet of Things (IoT) is experiencing exponential growth, it is no surprise that many recent cyber attacks are IoT-enabled: the attacker initially exploits some vulnerable IoT technology as a first step toward compromising a critical system that is connected, in some way, with the IoT. For some sectors, like industry, smart grids, transportation, and medical services, the significance of such attacks is obvious, since IoT technologies are part of critical back-end systems. However, in sectors where IoT is usually at the end-user side, like smart homes, such attacks can be underestimated, since not all possible attack paths are examined. In this paper, we survey IoT-enabled cyber attacks, found in all application domains since 2010. For each sector, we emphasize the latest, verified IoT-enabled attacks, based on known real-world incidents and published proof-of-concept attacks. We methodologically analyze representative attacks that demonstrate direct, indirect, and subliminal attack paths against critical targets. Our goal is threefold: 1) to assess IoT-enabled cyber attacks in a risk-like approach, in order to demonstrate their current threat landscape; 2) to identify hidden and subliminal IoT-enabled attack paths against critical infrastructures and services; and 3) to examine mitigation strategies for all application domains.
Critical infrastructures (which include the body of systems, networks, and assets that are so essential that their continued operation is required to ensure the security of a given nation, its economy, and the public's health and/or safety) are significant for the growth and development of our society, drastically affecting most everyday activities, as the components of the critical infrastructures are increasingly vulnerable to a dangerous mix of traditional and nontraditional types of threats. Taking into account the significant role of Critical Infrastructure in national and international security maintenance, the article analyses and interprets the policy pillars of Critical Infrastructure concepts in the European Union, NATO as well as in G7 Countries. Particular attention is paid to determining the functional purpose, approaches to the classification of the main components of critical infrastructure (structural content) and their characteristics. At the end of this article, a generalized view of the essence of Critical Infrastructure is suggested, and attention is drawn to the fact that the adopted approaches generally take into account that Critical Infrastructures now rarely exist or function in isolation; rather, they are becoming more tightly coupled, interconnected and interacting, which creates a complex multisystem - a system-of-systems.
• Projections of multiple climate risks to critical infrastructures are assessed.
• Impacts could rise up to 10 times present damages by 2100 due to global warming alone.
• Damages from heatwaves, droughts and coastal floods show the most dramatic rise.
• Economic losses could be highest for the industry, transport and energy sectors.
• Southern and south-eastern European countries will likely be most affected.
Extreme climatic events are likely to become more frequent owing to global warming. This may put additional stress on critical infrastructures with typically long life spans. However, little is known about the risks of multiple climate extremes on critical infrastructures at regional to continental scales. Here we show how single- and multi-hazard damage to energy, transport, industrial, and social critical infrastructures in Europe are likely to develop until the year 2100 under the influence of climate change. We combine a set of high-resolution climate hazard projections, a detailed representation of physical assets in various sectors and their sensitivity to the hazards, and more than 1100 records of losses from climate extremes in a prognostic modelling framework. We find that damages could triple by the 2020s, multiply six-fold by mid-century, and amount to more than 10 times present damage of €3.4 billion per year by the end of the century due only to climate change. Damage from heatwaves, droughts in southern Europe, and coastal floods shows the most dramatic rise, but the risks of inland flooding, windstorms, and forest fires will also increase in Europe, with varying degrees of change across regions. Economic losses are highest for the industry, transport, and energy sectors. Future losses will not be incurred equally across Europe. Southern and south-eastern European countries will be most affected and, as a result, will probably require higher costs of adaptation. The findings of this study could aid in prioritizing regional investments to address the unequal burden of impacts and differences in adaptation capacities across Europe.
Electrical power systems have been traditionally designed to be reliable during normal conditions and abnormal but foreseeable contingencies. However, withstanding unexpected and less frequent severe situations still remains a significant challenge. As a critical infrastructure and in the face of climate change, power systems are more and more expected to be resilient to high-impact low-probability events determined by extreme weather phenomena. However, resilience is an emerging concept, and, as such, it has not yet been adequately explored in spite of its growing interest. On these bases, this paper provides a conceptual framework for gaining insights into the resilience of power systems, with focus on the impact of severe weather events. As quantifying the effect of weather requires a stochastic approach for capturing its random nature and impact on the different system components, a novel sequential Monte-Carlo-based time-series simulation model is introduced to assess power system resilience. The concept of fragility curves is used for applying weather- and time-dependent failure probabilities to system's components. The resilience of the critical power infrastructure is modeled and assessed within a context of system-of-systems that also include human response as a key dimension. This is illustrated using the IEEE 6-bus test system.
• Propose a stochastic programming for infrastructure restoration under uncertainty.
• A multi-mode component repair model of higher practicality is considered.
• Propose a tailored Benders decomposition to effectively solve the model.
• Show the added value of the stochastic model against its deterministic counterpart.
The planning of post-disruption restoration in critical infrastructure systems often relies on deterministic assumptions such as complete information on resources and known duration of the repair tasks. In fact, the uncertainties faced by restoration activities, e.g. stemming from subjective estimates of resources and costs, are rarely considered. Thus, the solutions obtained by a deterministic approach may be suboptimal or even infeasible under specific realizations of the uncertainties. To bridge this gap, this paper investigates the effects of uncertain repair time and resources on the post-disruption restoration of critical infrastructure. Two-stage stochastic optimization provides insights for prioritizing the intensity and time allocation of the repair activities with the objective of maximizing system resilience. The inherent stochasticity is represented via a set of scenarios capturing specific realizations of repair activity durations and available resources, and their probabilities. A multi-mode restoration model is proposed that offers more flexibility than its single-mode counterpart. The restoration framework is applied to the reduced British electric power system and the results demonstrate the added value of using the stochastic model as opposed to the deterministic model. Particularly, the benefits of the proposed stochastic method increase as the uncertainty associated with the restoration process grows. Finally, decision-making under uncertainty largely impacts the optimum repair modes and schedule.