Ifeoluwapo Aribilola , Saeed Hamood Alsamhi , John G. Breslin , Mamoona Naveed Asghar
{"title":"SuPOR: A lightweight stream cipher for confidentiality and attack-resilient visual data security in IoT","authors":"Ifeoluwapo Aribilola , Saeed Hamood Alsamhi , John G. Breslin , Mamoona Naveed Asghar","doi":"10.1016/j.ijcip.2025.100786","DOIUrl":"10.1016/j.ijcip.2025.100786","url":null,"abstract":"<div><div>The rapid growth of Internet of Things (IoT) technologies, particularly visual sensors such as cameras and drones, has resulted in increased transmission of sensitive visual data containing personally identifiable information (PII). Securing this data during storage and transmission (e.g., cloud or edge servers) is essential for maintaining privacy and security. However, existing encryption methods often face challenges due to computational overhead and vulnerability to attacks, especially on resource-limited IoT devices. To bridge this research gap, this paper presents <em>SuPOR</em>, a single-round lightweight cipher tailored for visual data protection in IoT environments. The <em>SuPOR</em> framework incorporates five fundamental cryptographic principles—<strong>Su</strong>bstitution, <strong>P</strong>ermutation, X<strong>OR</strong>, right circular shift, and swap—which are executed in sequential steps. These include: (1) constructing a secure S-box using Möbius linear transformations and Galois fields for pixel-level substitution, (2) permuting the substituted pixels to improve diffusion, (3) applying a cryptographically secure pseudo-random number generator (CSPRNG) to generate a 64-bit one-time key for <strong>XOR</strong>ing, (4) performing right circular shifts on pixel byte arrays, and (5) executing element swaps to further obfuscate the data. 
Comprehensive security and statistical assessments demonstrate that <em>SuPOR</em> offers strong resistance against various attack vectors while maintaining minimal computational overhead, with a linear time complexity of <span><math><mrow><mi>O</mi><mrow><mo>(</mo><mi>n</mi><mi>m</mi><mo>+</mo><mi>n</mi><mrow><mo>(</mo><mn>3</mn><mo>×</mo><mi>f</mi><mi>r</mi><mi>a</mi><mi>m</mi><mi>e</mi><mi>s</mi><mi>i</mi><mi>z</mi><mi>e</mi><mo>)</mo></mrow><mo>)</mo></mrow></mrow></math></span>. Experimental comparisons indicate that <em>SuPOR</em> surpasses several state-of-the-art stream ciphers designed for IoT visual data, making it highly suitable for real-time, resource-constrained environments. The findings provide a practical and efficient solution to enhance the privacy and security of visual data in IoT systems, effectively safeguarding sensitive information from threats.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100786"},"PeriodicalIF":5.3,"publicationDate":"2025-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144721505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Taru Itäpelto, Mohammed Elhajj, Marten van Sinderen
{"title":"Digital twin application in lifecycle security of critical infrastructures: A systematic literature review","authors":"Taru Itäpelto, Mohammed Elhajj, Marten van Sinderen","doi":"10.1016/j.ijcip.2025.100783","DOIUrl":"10.1016/j.ijcip.2025.100783","url":null,"abstract":"<div><div>Critical infrastructures are essential for the functioning of society. However, their increasing connectivity makes them vulnerable to growing cybersecurity threats. Traditional testing methods, such as testbeds, often struggle to accurately replicate real-world complexities and can be expensive to maintain. Although digital twins are gaining attention as a potential solution, providing high-fidelity virtual replicas with simulation, prediction, and control capabilities, their specific role in enhancing cybersecurity for critical infrastructures throughout their lifecycles has not been thoroughly explored. To address this gap, our study conducts a systematic literature review of 43 peer-reviewed papers published between 2013 and 2024 to investigate how digital twins can tackle cybersecurity challenges throughout critical infrastructures’ lifecycles. Our analysis offers a detailed classification of cybersecurity use cases enabled by digital twins, maps these use cases to the lifecycle phases of critical infrastructures, and evaluates the feasibility and justifications of both proposed and implemented solutions as long-term cybersecurity enhancers. Our findings underscore the potential of digital twins to foster a sustainable, long-term partnership with critical infrastructures, leading to improved cybersecurity. Additionally, we propose four future research directions to guide the development of robust digital twin solutions supporting the evolution of these vital systems, their operating contexts, and threat landscapes. 
To the best of our knowledge, this is the first study investigating digital twins’ role as a lifelong cybersecurity enhancer for critical infrastructures.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100783"},"PeriodicalIF":5.3,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144721504","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A cyber-resilient mechanism for detection, classification and mitigation of intrusion on synchrophasor data in power networks","authors":"Soma Bhattacharya, Brundavanam Seshasai, Ebha Koley, Subhojit Ghosh","doi":"10.1016/j.ijcip.2025.100785","DOIUrl":"10.1016/j.ijcip.2025.100785","url":null,"abstract":"<div><div>In recent times, owing to their ability to provide accurate synchronized phasor information with a global positioning system (GPS) based common time reference, phasor measurement units (PMUs) have emerged as one of the most significant components of the wide-area monitoring system of modern power networks. However, the use of the public GPS signal and increased dependence on the communication infrastructure for transmitting phasor information have made the PMU (also referred to as synchrophasor) dependent operations highly vulnerable to cyber intrusions. Intrusions on synchrophasor data are generally executed by either manipulating the common time reference (referred to as time synchronization attack (TSA)) or by injecting falsified data into the actual PMU acquired signal to recreate a non-existing scenario (referred to as replay attack (RA)). For both the attacks, the acquisition of manipulated data at the control centre negatively disturbs the wide-area monitoring and control operations, which might even lead the network to a blackout. Motivated by the requirement of increasing the resiliency of power networks against TSA and RA, the development of an accurate, reliable and comprehensive scheme for detecting, classifying and mitigating the impact of phasor intrusions has been sought in the present work. The three-stage mechanism involves processing of the phasor data acquired from multiple PMUs using bi-directional gated recurrent unit (Bi-GRU) based classifiers to detect intrusion (first stage) and further classify the type of intrusion as TSA or RA (second stage). 
Post-intrusion classification, in the final stage, Bessel interpolation is applied to filter out the spoofed data and further replace it with intrusion-free (pre-attack) data. The proposed scheme has been extensively validated for practical settings in real-time testbed with regards to detecting intrusions, distinguishing intrusions from contingencies, classifying intrusion and estimating the state variables closer to the pre-attack levels.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100785"},"PeriodicalIF":4.1,"publicationDate":"2025-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144614191","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Godslove Ampratwum, Robert Osei-Kyei, Vivian W.Y. Tam
{"title":"Developing a performance assessment tool for building critical infrastructure resilience through Public-Private Partnership in Ghana","authors":"Godslove Ampratwum, Robert Osei-Kyei, Vivian W.Y. Tam","doi":"10.1016/j.ijcip.2025.100784","DOIUrl":"10.1016/j.ijcip.2025.100784","url":null,"abstract":"<div><div>In recent years, public-private partnership (PPP) has been advocated for as a medium to build critical infrastructure resilience. PPPs provide an added value achieved from greater co-operation among public-private sector entities. Performance measurement is critical to identify the difficulties and challenges that affect the PPP in executing their role in building critical infrastructure resilience. While the PPP concept is not novel, the precise performance measurement of a PPP in critical infrastructure resilience has not been explored yet. Key performance resilience indicators provide an assessment to measure the performance of a PPP set up to build critical infrastructure resilience. Since the area of performance assessment of PPP in critical infrastructure resilience has not been examined yet, this study used a quantitative approach to develop a performance index to help quantify the performance of the PPP in critical infrastructure resilience using fuzzy synthetic evaluation method. The performance index developed consists of four major critical performance criteria groupings: Hazard Detection, Continuity plans, Disruptive event detection, and Functional Performance. 
The evaluation model can be used to objectively determine the performance of a PPP in building critical infrastructure resilience.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100784"},"PeriodicalIF":4.1,"publicationDate":"2025-06-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144571862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Alaa O. Khadidos , Adil O. Khadidos , Shitharth Selvarajan , Taher Al-Shehari , Nasser A Alsadhan , Subhav Singh
{"title":"CyberSentry: Enhancing SCADA security through advanced deep learning and optimization strategies","authors":"Alaa O. Khadidos , Adil O. Khadidos , Shitharth Selvarajan , Taher Al-Shehari , Nasser A Alsadhan , Subhav Singh","doi":"10.1016/j.ijcip.2025.100782","DOIUrl":"10.1016/j.ijcip.2025.100782","url":null,"abstract":"<div><div>SCADA systems form the core of infrastructural facilities, including power grids, water treatment facilities, and industrial processes. Changing cyber threats present increasingly sophisticated attacks against which traditional security models inadequately protect SCADA systems. These traditional models usually have drawbacks in the way of inadequate feature selection, inefficiency in detecting most attacks, and suboptimal parameter tuning, which cause vulnerabilities and reduce resilience in systems. This paper presents CyberSentry, a new security framework designed to overcome limitations so as to provide robust protection for SCADA systems. These three modules make up CyberSentry: the RMIG feature selection model, tri-fusion net for attack detection, and Parrot-Levy Blend Optimization (PLBO) for parameter tuning. The Recursive Multi-Correlation-based Information Gain (RMIG) feature selection model enhances accuracy in detection by optimizing the set of fatal features through recursive multi-correlation analysis by Information Gain prioritization. The Tri-Fusion Net combines anomaly detection, signature-based detection, and machine learning classifiers to enhance the detection versatility and robustness. The PLBO module ensures efficient and dynamic tuning for the parameters through undocumented Parrot and Levy optimization techniques. The proposed CyberSentry framework integrates, within a unified architecture, anomaly detection, signature-based detection, and machine learning classifiers to enhance the security of SCADA systems against diverse cyber threats. 
Features extracted in this manner are analyzed using machine learning classifiers that exploit their predictive capabilities for robust threat classification. The proposed approaches are fused within the Tri-Fusion Net to complement each other in areas where the separate methods lack certain strengths. This, therefore, ensures broad threat detection, as is validated by extensive testing with various datasets for the assurance of superiority in accuracy and reliability. Validated and tested against a wide variety of datasets, CyberSentry demonstrates an overall accuracy of 99.5 % and a loss of 0.32, proving that this method is both effective and reliable.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100782"},"PeriodicalIF":4.1,"publicationDate":"2025-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144330246","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Using Kolmogorov–Arnold network for cyber–physical system security: A fast and efficient approach","authors":"Mohammadmahdi Ghorbani , Alimohammad Ghassemi , Mohammad Alikhani, Hamid Khaloozadeh, Amirhossein Nikoofard","doi":"10.1016/j.ijcip.2025.100768","DOIUrl":"10.1016/j.ijcip.2025.100768","url":null,"abstract":"<div><div>A cyber–physical system (CPS) is the foundation of modern industrial infrastructures but is vulnerable to cyber attacks due to its connectivity. Detecting these attacks is crucial, driving research into machine learning and deep learning-based models for intrusion detection systems. Many of these models, though effective, suffer from high computational complexity and large parameter counts, limiting their practicality for real-time deployment. Additionally, extensive data preprocessing, commonly used in attack detection, can introduce drawbacks such as loss of critical information, reduced interpretability, and increased latency. This paper employs the Kolmogorov–Arnold network (KAN) as a lightweight and efficient alternative to conventional models for attack detection in CPSs. With a compact architecture and significantly fewer parameters, KAN achieves high classification accuracy while minimizing computational overhead. It eliminates the need for complex feature extraction and preprocessing, preserving data integrity and enabling faster decision-making. Evaluated on the SWaT, WADI, and ICS-Flow datasets, KAN demonstrates superior performance in detecting cyber attacks across binary and multi-class tasks on both physical and network data. 
Its low inference time and minimal resource requirements make it a practical solution for real-time CPS security.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100768"},"PeriodicalIF":4.1,"publicationDate":"2025-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144240246","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Transposing EU-legislation on critical infrastructure protection legal implementation performance in the Baltic Sea region","authors":"Marie Becker","doi":"10.1016/j.ijcip.2025.100781","DOIUrl":"10.1016/j.ijcip.2025.100781","url":null,"abstract":"<div><div>Both in the Russian war of aggression against Ukraine and in the proliferation of hybrid attacks on EU territory, critical energy infrastructure has become a primary target. One EU response to the ensuing need for transnational action consists in the CER-Directive of 2022 on the resilience of critical entities. Its effectiveness now hinges on national implementation, currently pervaded by delay despite the undisputable urgency. To begin to shed some light, this study analyses legal implementation of the directive’s predecessor (ECI-Directive of 2008) to assess explanatory approaches from the discipline of implementation studies in the particular field of critical infrastructure protection. Focusing on the hotspot Baltic Sea Region, it shows how country-specific generalized expectations do not hold and how fundamental misfit between pre-existing national frameworks and a directive can instead help predict deviation. For the ECI-Directive, the study shows significant delays and deviation for individual countries, as well as only limited harmonization across the region.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100781"},"PeriodicalIF":4.1,"publicationDate":"2025-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144366828","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Umar Islam , Hanif Ullah , Naveed Khan , Kashif Saleem , Iftikhar Ahmad
{"title":"AI-enhanced intrusion detection in smart renewable energy grids: A novel industry 4.0 cyber threat management approach","authors":"Umar Islam , Hanif Ullah , Naveed Khan , Kashif Saleem , Iftikhar Ahmad","doi":"10.1016/j.ijcip.2025.100769","DOIUrl":"10.1016/j.ijcip.2025.100769","url":null,"abstract":"<div><div>The rapid adoption of Industry 4.0 technologies in renewable energy grids has significantly improved efficiency and scalability. However, this integration has also amplified cybersecurity risks, making conventional Intrusion Detection Systems (IDS) insufficient against evolving cyber threats. This study proposes a novel AI-enhanced Intrusion Detection System (IDS) tailored for smart renewable energy grids, leveraging a multi-stage detection framework that integrates both supervised and unsupervised learning techniques. The proposed IDS combines Random Forest for signature-based detection and Autoencoders for anomaly-based threat identification, enabling real-time detection of both known and zero-day cyber threats. A comprehensive evaluation using real-world cyberattack datasets demonstrates that the system achieves a detection accuracy of 97.8 %, significantly reducing false positives compared to traditional IDS solutions. This work not only enhances the security and resilience of smart grids but also offers a scalable and adaptable cybersecurity framework for Industry 4.0 applications. 
The findings contribute to the advancement of AI-driven security mechanisms, ensuring the reliability of critical energy infrastructure in the face of sophisticated cyber threats.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100769"},"PeriodicalIF":4.1,"publicationDate":"2025-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144139400","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Securing the nuclear supply chain: Addressing the issue of counterfeiting","authors":"Christopher Hobbs , Zoha Naser , Sarah Tzinieris","doi":"10.1016/j.ijcip.2025.100767","DOIUrl":"10.1016/j.ijcip.2025.100767","url":null,"abstract":"<div><div>In 2024, exploding pagers and walkie-talkies in Lebanon dramatically highlighted the importance of supply chain security and the risk that counterfeiting can pose. This article seeks to explore these issues in the nuclear context. Drawing on new empirical research, it examines how counterfeited materials, items, and technologies have found their way into nuclear supply chains and ultimately to facilities, exploring the impact of this and how the international community has responded. It finds that although counterfeits can and indeed have created significant nuclear risks, historically this issue has received relatively little attention. Here, a general lack of awareness, an overly narrow focus on their impact on critical safety systems, and the absence of comprehensive reporting mechanisms mean that the number of known counterfeits that have penetrated nuclear facilities globally is likely to be significantly underestimated. 
Although new international efforts in this area aimed at securing the nuclear supply chain have been launched in recent years, there remains much to be done, with considerable variation in the maturity of different countries and organizations’ approaches to this issue.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100767"},"PeriodicalIF":4.1,"publicationDate":"2025-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144185048","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}