Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures

Spyridon Papastergiou, Haralambos Mouratidis, Eleni Maria Kalogeraki

    Research output: Contribution to journalArticlepeer-review


    In recent years, the use of information technologies in Critical Infrastructures is gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative, warning and response system, which supports security officers and operators to recognize, identify, dynamically analyse, forecast, treat and respond to security threats and risks and and it guides them to handle effectively cyber incidents. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE is described with the aid of a set of cyber-attack scenarios.

    Original languageEnglish
    JournalEvolving Systems
    Publication statusPublished - 4 Apr 2020

    Bibliographical note

    This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.


    • Data fusion
    • Incident handling
    • Risk assessment
    • Web mining


    Dive into the research topics of 'Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures'. Together they form a unique fingerprint.

    Cite this