Cyber-Physical Threat Intelligence for Critical Infrastructures Security -

. .

Résumé :
Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Water, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well....

Biographie:

Aleksandar Jovanovic is the director of the Steinbeis Advanced Risk Technologies Group in Stuttgart, Germany providing consultancy in the areas of risk assessment and risk management for industry and public sector and CEO of the European Virtual Institute for Integrated Risk Management (EU-VRi). He is a full professor at Steinbeis University Berlin and his previous academic and research assignments include Politecnico di Milano (Italy), University of Stuttgart (Germany), Ecole Polytechnique (France), University of Tokyo (Japan), UC La Jolla (USA), BeijingCapital University (China), the European Commission (Belgium, Italy), Argonne Ntl. Lab. (USA), and industry in USA and Serbia. In his professional experience he has acted as project manager of over 150 large international / multinational projects in the area innovation management, new technologies, risk management, advanced data analysis and data mining, and related areas (the project for the EU, national governments, industry, utilities, insurances companies, R&D, and academia). Main topics covered by the current projects deal with risk andresilience management in industry (e.g., for insurance, power, process) and include HSSE (Health, Safety, Security, Environment), RCM (Reliability-Centered Maintenance), RBI (Risk-Based Inspection), KPIs (Key Performance Indicators), RCFA (Root Cause Failure analysis), resilience indicators and application of AI (artificial intelligence), in projects managed by him (e.g., iNTeg-Risk, 19.3 Me, 80+ partners, EskomRBI (RBI for power plants in South Africa, Me or SmartResilience - Resilience Indicators for critical infrastructures in Europe, 5 Me).

John Soldatos holds a PhD in Electrical & Computer Engineering from the National Technical University of Athens (2000) and is currently Honorary Research Fellow at the University of Glasgow, UK (2014-present). He was Associate Professor and Head of the Internet of Things Group at the Athens Information Technology (AIT), Greece (2006-2019), and Adjunct Professor at the Carnegie Mellon University, Pittsburgh, PA (2007-2010).He has significant experience in working closely with large multinational industries (IBM Hellas, INTRACOM S.A, INTRASOFT International) as R&D consultant and delivery specialist, while being scientific advisor to high-tech startup enterprises, such as Innov-Acts Limited (Nicosia, Cyprus) and Innovation Sprint Sprl (Brussels, Belgium). Dr. Soldatos is an expert in Internet-of-Things (IoT) technologies and applications, including IoT's applications in smart cities, finance (Finance 4.0), and industry (Industry 4.0). Dr. Soldatos has played a leading role in the successful delivery of more than sixty (commercial-industrial, research, and consulting) projects, for both private and public sector organizations, including complex integrated projects. He is cofounder of the open source platformOpenIoT and of the Edge4Industry community. He has published more than 180 articles in international journals, books, and conference proceedings. He has also significant academic teaching experience, along with experience in executive education and corporate training. Dr. Soldatos is a regular contributor in various international magazines and blogs, on topics related to IoT, Industry 4.0, and cybersecurity. Moreover, he has received national and international recognition through appointments in standardization working groups, expert groups, and various boards. He has coedited and coauthored three edited volumes (books) on Internet of Things topics, including IoT for Industrial Automation, IoT Analytics, and IoT Security.

Isabel Pra?a is Advisor of ISEP Presidency for R&D, Professor at ISEP and Senior Researcher at GECAD. Isabel has a PhD in Electrical and Computer Engineering, and a Pos...

Sommaire:
Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Water, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well....