Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures

Authors

Spyridon Papastergiou, Haralambos Mouratidis, Eleni-Maria Kalogeraki

Publication

Evolving Systems Journal | Springer | 2020

https://doi.org/10.1007/s12530-020-09335-4

Abstract 

In recent years, the use of information technologies in Critical Infrastructures has been gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative warning and response system, which supports security officers and operators in recognizing, identifying, dynamically analysing, forecasting, treating and responding to security threats and risks, and guides them to handle cyber incidents effectively. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE are described with the aid of a set of cyber-attack scenarios.

Publication Date: 04/04/2020