Please enable JavaScript.

Coggle requires JavaScript to display documents.

Cybersecurity (CS) of Critical Infrastructures (CI) (Structure (Scope…

- - - - Serviceability + quality + sustainability
      - Metrics for measuring the success of policies
    - - External hacking
      - Malware
      - Social engineering
      - Spam
      - Insider data theft
      - Denial of Service
      - Devices destruction or theft
    - - Insiders, state sponsored crime (high)
      - Hackers, activists, organized cybercrime, competitors (moderate)
      - Terrorists (low)
    - - Notional
      - Physical
  - - - Act No 240/2000
      - Governmental Orders No 432/2010, No 315/2014
- - - - Need for seamless harmonization
  - - - Public organizations
      - Private firms
- - - - International
        
        Safe, secure, resilient, trusted, open environment
      - Local
        
        Smoothly running core businesses
    - - EU: harmonization, standardization, certification
        
        Cyber resilience
        
        Cyber-crime reduction
        
        Integrate CS to CSDP
        
        Develop CS resources
        
        Establish EU-wide CS policy
      - USA: Cyber strategy (09/18) and CS strategy (05/18)
        
        Risk identification
        
        Risk = threat + vulnerability + consequence
        
        Vulnerability reduction
        
        Threat reduction
        
        Consequence mitigation
        
        Implementation of CS outcomes
      - Local users, CI operators
        
        Identify CS risks related to core business
        
        Integrate CS activities into business processes
        
        Consider CS management as a part of risk management (reduce risks, minimize damages, strengthen resilience)
        
        Upscale personnel skills through constant trainings and exposures to latest technologies
    - - Nationally: particular sets of rules for rational decisions
      - Local users: implement CIA triad
        
        Confidentiality
        
        Integrity
        
        Availability
    - - Standards
        
        ETSI
        
        ISO/IEC 27001, 27035, 22301
        
        CEN/CENELEC
        
        NIST, NERC
      - Organizations
        
        EU
        
        ENISA
        
        ECSO
        
        USA
        
        DHS
      - Legislation
        
        Directive (EU) 2016/1148 EU
        
        Commission Implementing Regulation (EU) 2018/151
      - Projects
        
        ERNICP
        
        CIPRN
        
        IMPROVER
  - - - Achieve optimal resilience rather than full protection
      - Develop diversified cyber capabilities
        
        Resistance
        
        Absorption
        
        Restoration
        
        Adaptation
    - - Identify
        
        Understand own environment
        
        Deterrent activities - minimize threats
      - Protect
        
        Implement appropriate safeguards
        
        Preventive activities - minimize vulnerabilities
      - Detect
        
        Quick identification of CS events
        
        Detective activities - minimize incidents
      - Respond
        
        Counterattack activities
        
        Lessons learned
        
        Corrective activities - minimize impacts
      - Recover
        
        Restore affected services, capabilities or infrastructural items
      - Evaluate
        
        Measure number of attacks on CI
        
        Measure economic loss