Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures

Spyridon Papastergiou; Haralambos Mouratidis; Eleni Maria Kalogeraki

doi:10.1007/s12530-020-09335-4

Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures

Spyridon Papastergiou, Haralambos Mouratidis, Eleni Maria Kalogeraki

Research output: Contribution to journal › Article › peer-review

Abstract

In recent years, the use of information technologies in Critical Infrastructures is gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative, warning and response system, which supports security officers and operators to recognize, identify, dynamically analyse, forecast, treat and respond to security threats and risks and and it guides them to handle effectively cyber incidents. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE is described with the aid of a set of cyber-attack scenarios.

Original language	English
Journal	Evolving Systems
DOIs	https://doi.org/10.1007/s12530-020-09335-4
Publication status	Published - 4 Apr 2020

Bibliographical note

This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

Keywords

Data fusion
Incident handling
Risk assessment
Web mining

Access to Document

10.1007/s12530-020-09335-4Licence: CC BY

Papastergiou2020_Article_HandlingOfAdvancedPersistentThFinal published version, 1.39 MBLicence: CC BY

Cite this

@article{31d0695fa8ff45a893a8c50f3b164997,

title = "Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures",

abstract = "In recent years, the use of information technologies in Critical Infrastructures is gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative, warning and response system, which supports security officers and operators to recognize, identify, dynamically analyse, forecast, treat and respond to security threats and risks and and it guides them to handle effectively cyber incidents. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE is described with the aid of a set of cyber-attack scenarios.",

keywords = "Data fusion, Incident handling, Risk assessment, Web mining",

author = "Spyridon Papastergiou and Haralambos Mouratidis and Kalogeraki, {Eleni Maria}",

note = "This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.",

year = "2020",

month = apr,

day = "4",

doi = "10.1007/s12530-020-09335-4",

language = "English",

journal = "Evolving Systems",

issn = "1868-6478",

}

TY - JOUR

T1 - Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures

AU - Papastergiou, Spyridon

AU - Mouratidis, Haralambos

AU - Kalogeraki, Eleni Maria

N1 - This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

PY - 2020/4/4

Y1 - 2020/4/4

N2 - In recent years, the use of information technologies in Critical Infrastructures is gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative, warning and response system, which supports security officers and operators to recognize, identify, dynamically analyse, forecast, treat and respond to security threats and risks and and it guides them to handle effectively cyber incidents. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE is described with the aid of a set of cyber-attack scenarios.

AB - In recent years, the use of information technologies in Critical Infrastructures is gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative, warning and response system, which supports security officers and operators to recognize, identify, dynamically analyse, forecast, treat and respond to security threats and risks and and it guides them to handle effectively cyber incidents. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE is described with the aid of a set of cyber-attack scenarios.

KW - Data fusion

KW - Incident handling

KW - Risk assessment

KW - Web mining

UR - http://www.scopus.com/inward/record.url?scp=85083366513&partnerID=8YFLogxK

U2 - 10.1007/s12530-020-09335-4

DO - 10.1007/s12530-020-09335-4

M3 - Article

AN - SCOPUS:85083366513

SN - 1868-6478

JO - Evolving Systems

JF - Evolving Systems

ER -

Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this