The Resilience of Critical Infrastructures

April 15, 2018 | Views: 1263


Historical Background

The importance of critical infrastructures has been clear since the time of the ancient Romans. For example, they devised a kind of IPS/IDS to protect drinking water: trout were raised in pools kilometers away from Rome, fed by the same water that the famous Roman aqueducts carried into the city, and sentinels kept a 24-hour lookout, alerting the town in time if they saw the trout die from a probable poisoning.

Lakes and rivers also represented a potential danger. Where necessary, the Romans moved the beds of rivers that often overflowed during rainy periods, causing deaths. In the case of the bradyseism under Lake Albano, which poured over Rome, they pierced the sides of the crater that holds the lake to create a threshold above which the water level could not rise, making the water flow through the artificial emissary in the direction of Pavona and the sea.

Fires, too, were contemplated in Roman law. To prevent and counteract such incidents, risk managers were appointed: triumvirs, aediles and tribunes of the plebs, public offices responsible for applying the prevention rules. These rules provided, among other things, that each house keep a sufficient supply of water to be used in the event of an accident; every citizen was involved in the resilience of the era.

Thus the most extensive commercial, financial, legal, thermal and shopping center of the period, known as the Fori Imperiali, was equipped with fireproof walls. We could continue with the meaning of “Pontefice”, which implies the importance of communication routes, primarily for trade but also for countering the enemy by protecting the boundaries of the Monarchy first, then the Republic and finally the Empire: being able to move whole legions faster made it easier to ensure not only political stability but also economic stability. The Law of the 12 Tables included the criteria for the construction of Roman roads. In modern geopolitics we have to protect digital boundaries, and cyberspace has become the fifth domain, whose violation can cause a war reaction from the allied countries (NATO) depending on the severity of the cyberattack; behind these attacks, however, economic and military interests are always hidden.

2 Modern times WEB 4.0

2.1 USA

Barack Obama's 2013 PPD 21 provides a list of critical infrastructures to be protected, identifying 16 sectors, and defines the roles, responsibilities, and skills:

  • Chemical: Sector-Specific Agency: Department of Homeland Security
  • Commercial Facilities: Sector-Specific Agency: Department of Homeland Security
  • Communications: Sector-Specific Agency: Department of Homeland Security
  • Critical Manufacturing: Sector-Specific Agency: Department of Homeland Security
  • Dams: Sector-Specific Agency: Department of Homeland Security
  • Defense Industrial Base: Sector-Specific Agency: Department of Defense
  • Emergency Services: Sector-Specific Agency: Department of Homeland Security
  • Energy: Sector-Specific Agency: Department of Energy
  • Financial Services: Sector-Specific Agency: Department of the Treasury
  • Food and Agriculture: Co-Sector-Specific Agencies: U.S. Department of Agriculture and Department of Health and Human Services
  • Government Facilities: Co-Sector-Specific Agencies: Department of Homeland Security and General Services Administration
  • Healthcare and Public Health: Sector-Specific Agency: Department of Health and Human Services
  • Information Technology: Sector-Specific Agency: Department of Homeland Security
  • Nuclear Reactors, Materials, and Waste: Sector-Specific Agency: Department of Homeland Security
  • Transportation Systems: Co-Sector-Specific Agencies: Department of Homeland Security and Department of Transportation
  • Water and Wastewater Systems: Sector-Specific Agency: Environmental Protection Agency

2.2 EU

The European Directive 1148 of 2016, which will come into force this year, obliges member states to adopt measures of resilience in the sectors that supply essential and digital services:

“For an effective response to the security challenges of networks and information systems, a global approach at Union level is therefore needed, including the establishment of a common minimum capacity and minimum provisions on planning, information exchange, cooperation and common security obligations for operators of essential services and digital service providers. However, there shall be nothing to prevent the operators of essential services and digital service providers from applying security measures which are stricter than those required under this Directive.”

Sectors of ICs (critical infrastructures) identified by the European Commission and listed in Communication 702 of 2004:

  • energy plants and networks (power plants, gas, and oil production plants, depots and refineries, transmission and distribution systems)
  • communication and technology information (for example, telecommunications, radio and television services, software, hardware and networks including the Internet)
  • finance (for example, banks, financial instruments, and investments)
  • the health system (for example, hospitals, health and blood collection services, laboratories, the pharmaceuticals sector and collection and rescue and emergency services)
  • food supply (for example, the food industry, hygienic safety systems, production and wholesale distribution)
  • water supply (e.g., basins, storage, treatment, aqueducts)
  • transport (e.g., port, airport, and intermodal services, collective rail transport systems, traffic control systems)
  • production, storage, and transport of dangerous substances (e.g., chemical, biological, radiological and nuclear)
  • administration (for example, crucial services, structures, information networks, assets and architectural and natural heritage).

ENISA, an agency established in 2004 with headquarters in Athens, is a center of competence in the field of information security that supports every European nation under cyberattack.

2.3 IT

The Gentiloni Decree incorporates the European directive, regulating and structuring a pyramidal organization:

  • PC (Prime Minister) presides over the summit college composed of the DIS Director General and the AISE and AISI Directors.
  • CISR (Interministerial Committee for the Security of the Republic) prepares the QSN and deliberates the PN, suggests directives, and is composed of the Delegated Authority or, in the absence of delegation, the PC himself, and the Ministers of Foreign Affairs, the Interior, Defense, Justice, Economy and Finance, and Economic Development.
  • DIS (Department of Security Information): the Director is automatically Secretary General of CISR.
  • NSC (Cybernetics Security Unit), organized by MISE -> CERT-NA, Police and Defense.
  • SOC (Security Operation Center), organized by MISE + AGID, is the reference for the UN, NATO, and EU for international exercises.
  • PPP Public Private Partnership.

Italy will have to provide a list of its European Critical Infrastructures to the SIC (Secretariat of critical infrastructures). Responsible for identifying the “ICE” is the NISP (Inter-ministerial unit situation and planning), composed of two representatives for each of the Ministries of Foreign Affairs and Defense, and one representative each of the Ministry of Economy and Finance, the Ministry of Health, the Department of Civil Protection, the Department of Security and Information (DIS), the Agency for Information and Internal Security (AISI), the Agency for Information and External Security (AISE), and the Fire Department, public aid and civil defense.

System Countermeasure for GDPR and IT Directive
