The Next Decade of European CIP: Anxiety of Decision, Fear of the Future, Perception of Risk As Well As Attempting to Answer the Question: “Which of the CIP’s Elements Will Most Affect Critical Infrastructure Protection?”

Lazari, Alessandro

doi:10.1007/978-3-319-07497-9_6

Alessandro Lazari²

557 Accesses

Abstract

This chapter elaborates all the knowledge analyzed in the previous chapter and tries to draw the conclusions of the study while predicting what could be a good approach for the European CIP’s policies in the future. The predictions and legit expectancies will cover a wide range of sub-fields such as common defense strategies, academic’s response to the need of preparing the experts of the future, and the aspect of the insurance market for CIP as the most underrated variable of such complex equation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

eBook: USD 16.99; Price excludes VAT (USA)

Hardcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Such as SCADA: Supervisory Control and Data Acquisition.
2.
Therapized implies the insistence of using a therapy which defeats or depletes the scope of the therapy in the first place.
3.
Such framework should also avoid the difficulties encountered by the MSs during the phase of the identification and designation of ECIs as reported in the previous chapters.
4.
The scarce security of the networks for exchanging secure information, the lack of “user friendliness” of the hardware and software implementing encryption and other methods for obfuscating information and, more in general, the difficult iteration between men and machines is still a topic that deeply demands for more intervention by all the involved stakeholders.
5.
Cyber-terrorists are also taking advantage of the “lack of perception of borders” and of the anonymity tools to launch attack worldwide while at the same time avoiding their identification.
6.
As anticipated before, the effects of cyber terrorism or cyber criminality do hit very specific targets.
7.
Among the anti-forensics techniques, is worth to mention cryptography, steganography, data hiding and tools for preventing the capabilities of tracking down the source of a network connection.
8.
Example being viruses, trojan horses, rootkits, botnets, large scale attacks, social engineering, insiders and other variables that may affect the continuity of the computers and the networks.
9.
Such vision can also be found in the recent speech that Neelie Kroes (Vice President of the EC responsible for the Digital Agenda) has given in Amsterdam on October 16, 2012 where the topic of “devastating cyber attacks” has been largely discussed.
10.
SPECTRE (SPecial Executive for Counter-intelligence, Terrorism, Revenge and Extortion) is a fictional global terrorist organization featured in the James Bond novels by Ian Fleming and the films based on those novels. The supranational organization is not aligned to any nation or political ideology. Spectre began in the novels as a small group of criminals but became a vast international organization.
11.
Clarke (2010).
12.
The cyberspace also escapes the prospects of sovereignty, circumstance that makes every mitigation activity more difficult because of the difficulties in identifying the authors of wilful acts.
13.
Wilson (2006).
14.
Trend Micro, online security bulletin, November 6, 2012.
15.
Where “offensive cyber operation” (intrusion, assault, penetration) may be composed of a mix of technical and social engineering capabilities leading to the following scenario: remote (through the internet), physical (usb key—chip swap—tapped cable—clandestine wifi) or social access (trickery, bribery, blackmail/extortion, social engineering, inside attacks).
16.
These kind of skills do already match the capabilities of modern “security officers” that deal with all the aspects analyzed previously, for example, with regard to the OSPs or in the coordination of groups of people that reflects such multi-sectorial capabilities.
17.
The disruption, failure or destruction of a Critical Infrastructure or asset is therefore mitigated or amplified depending on the quality of the decision and its timely execution.
18.
The concept of the Standardized Operator Security Plan is strongly connected to the NATO’s militarized concept of “Standard Security Plan” provided to Allies’ Critical Infrastructures in the field of NATO standardization programme (NSP).
19.
On the topic of the delicate interaction between CIP and Insurances, it is worthy to mention the following source of information: CRO Forum (2008, 2011) and ENISA (2012).
20.
The insurance companies usually rely on rock-solid premises that are described in the contracts. Rock-solid contractual clause may also conflict with the fast evolving and dynamic phenomenon of IT and cyber security.
21.
IT incident management reports are usually kept secret by the operators/owners of IT infrastructures willing to protect their “image factor”.

References

Clarke R (2010) Cyber war – the next threat to national security and what to do about it. Harper Collins Publishers, USA
Google Scholar
CRO Forum (2008) Critical information infrastructure – the digital economy’s Achilles heel. Emerging Risks Initiative, Position Paper, November 2008. http://www.thecroforum.org/documents/2013/08/crobriefing-2008-critical-information-infrastructure.pdf. 01.09.2013
CRO Forum (2011) Power blackout risks – risk management options. Emerging Risks Initiative, Position Paper, November 2011. http://www.thecroforum.org/wp-content/uploads/2011/11/CRO-Position-Paper-Power-Blackout-Risks-.pdf. 01.09.2013
ENISA (2012) Incentives and barriers of the cyber insurance market, June 2012. http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/incentives-and-barriers-of-the-cyber-insurance-market-in-europe/at_download/fullReport. 01.09.2013
Wilson C (2006) Terrorist capabilities for cyber-attack. In: Dunn M, Mauer V (eds) International CIIP handbook 2006, vol II, Analyzing issues, challenges, and prospects. Center for Security Studies, ETH Zurich. http://e-collection.library.ethz.ch/eserv/eth:31123/eth-31123-04.pdf

Download references

Author information

Authors and Affiliations

Department of Systems and Informatics, University of Florence, Firenze, Italy
Alessandro Lazari

Authors

Alessandro Lazari
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Lazari, A. (2014). The Next Decade of European CIP: Anxiety of Decision, Fear of the Future, Perception of Risk As Well As Attempting to Answer the Question: “Which of the CIP’s Elements Will Most Affect Critical Infrastructure Protection?”. In: European Critical Infrastructure Protection. Springer, Cham. https://doi.org/10.1007/978-3-319-07497-9_6

Download citation

DOI: https://doi.org/10.1007/978-3-319-07497-9_6
Published: 28 June 2014
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07496-2
Online ISBN: 978-3-319-07497-9
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)

Publish with us

Policies and ethics