Smart grid critical information infrasructure protection through multi-agency

“…This cyberattack can be in the form of DDoS on the Power Grid [24], Web attack [31], or attack the point of Sale (POS) [30]. Apart from cyberattacks, there are also External attacks [33,34], Insider Threat [35,36], Unauthorized Access [37,38], Targeted attacks [39,40], Hybrid Threats [41], Hazardous Event [42], Nature Disasters [43], Social Engineering [44], Falsification Attacks [45], Breach Attack [46], Data Theft [47], and Data Tampering [48] commonly found in CIIP. If we quote directly from the literature, vulnerability also has many terms.…”

“…There is a lack of connection between CII managers, so it is necessary to control safeguards to avoid risks. Other vulnerabilities found in the literature are Misconfigured Security Control [32,37,47], Collaborative Systems [38,52], Financial Vulnerability [30,31], Operator Mistakes [35,44], Lack Traceability [48,54], Unsecure Framework [53], Internal Turmoil [34], Unresolved Risk [42], Unknown Machine Failure [43], Manual Negotiation of Access Control [49], IoT Interconnection [45], Insecure Communication Technology [46], No Defense In-Depth [36], Sensor Misconfiguration [29], and Design Vulnerability [39].…”

“…Based on the literature review carried out, it turns out that confidentiality has no impact on the security function. Although no principle of confidentiality was considered, security function preventive [29, 32, 38, 43-46, 48, 49, 54, 55], detective [32,39,40,45,46,55], corrective [32,45,55], deterrent [32,38], recovery [32,55] and compensation [29,32,38,45,46,48,54,55] were found. This condition is different from Integrity which has correlation with corrective and recovery, and Availability with its correlation to all security function.…”

Review of Security Principles and Security Functions in Critical Information Infrastructure Protection

“…This cyberattack can be in the form of DDoS on the Power Grid [24], Web attack [31], or attack the point of Sale (POS) [30]. Apart from cyberattacks, there are also External attacks [33,34], Insider Threat [35,36], Unauthorized Access [37,38], Targeted attacks [39,40], Hybrid Threats [41], Hazardous Event [42], Nature Disasters [43], Social Engineering [44], Falsification Attacks [45], Breach Attack [46], Data Theft [47], and Data Tampering [48] commonly found in CIIP. If we quote directly from the literature, vulnerability also has many terms.…”

“…There is a lack of connection between CII managers, so it is necessary to control safeguards to avoid risks. Other vulnerabilities found in the literature are Misconfigured Security Control [32,37,47], Collaborative Systems [38,52], Financial Vulnerability [30,31], Operator Mistakes [35,44], Lack Traceability [48,54], Unsecure Framework [53], Internal Turmoil [34], Unresolved Risk [42], Unknown Machine Failure [43], Manual Negotiation of Access Control [49], IoT Interconnection [45], Insecure Communication Technology [46], No Defense In-Depth [36], Sensor Misconfiguration [29], and Design Vulnerability [39].…”

“…Based on the literature review carried out, it turns out that confidentiality has no impact on the security function. Although no principle of confidentiality was considered, security function preventive [29, 32, 38, 43-46, 48, 49, 54, 55], detective [32,39,40,45,46,55], corrective [32,45,55], deterrent [32,38], recovery [32,55] and compensation [29,32,38,45,46,48,54,55] were found. This condition is different from Integrity which has correlation with corrective and recovery, and Availability with its correlation to all security function.…”

Review of Security Principles and Security Functions in Critical Information Infrastructure Protection

Threats, Vulnerabilities and Security Functions in Critical Information Infrastructure