David Rehak, Alena Splichalova, Heidi Janeckova, Ondrej Ryska, Alena Oulehlova, Lenka Michalcova, Martin Hromada, Miltiadis Kontogeorgos, Jozef Ristvej
{"title":"Critical entities resilience strengthening tools to small-scale disasters","authors":"David Rehak , Alena Splichalova , Heidi Janeckova , Ondrej Ryska , Alena Oulehlova , Lenka Michalcova , Martin Hromada , Miltiadis Kontogeorgos , Jozef Ristvej","doi":"10.1016/j.ijcip.2025.100766","DOIUrl":"10.1016/j.ijcip.2025.100766","url":null,"abstract":"<div><div>The issue of critical infrastructure protection is still largely based on the concept of critical infrastructure resilience. However, it is already clear that this concept must be restructured, primarily due to the adoption of a new European Union directive that focuses on the resilience of critical entities that are owners or operators of individual critical infrastructures. This directive stipulates, among other things, an obligation for critical entities to provide unlimited services necessary for maintaining the most important functions of the state. For this reason, it is necessary to pay increased attention not only to strengthening the resilience of infrastructures, but also to the management processes of critical entities. Based on these facts, 161 tools suitable for strengthening the critical entities internal resilience against small-scale disasters are classified and defined in this article. These strengthening tools are defined for both entities and infrastructural resilience. The article further defines the environment and procedure for strengthening the critical entities internal resilience, thus expanding the application of the existing CERA method, which was originally designed for the purpose of assessing the critical entities resilience to small-scale disasters. 
The design part of the article also includes a presentation of an example of a practical application of the proposed procedure.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100766"},"PeriodicalIF":4.1,"publicationDate":"2025-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143881346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abubakar Sadiq Mohammed, Eirini Anthi, Omer Rana, Pete Burnap, Andrew Hood
{"title":"STADe: An unsupervised time-windows method of detecting anomalies in oil and gas Industrial Cyber-Physical Systems (ICPS) networks","authors":"Abubakar Sadiq Mohammed, Eirini Anthi, Omer Rana, Pete Burnap, Andrew Hood","doi":"10.1016/j.ijcip.2025.100762","DOIUrl":"10.1016/j.ijcip.2025.100762","url":null,"abstract":"<div><div>Critical infrastructure and Operational Technology (OT) are becoming more exposed to cyber attacks due to the integration of OT networks to enterprise networks especially in the case of Industrial Cyber-Physical Systems (ICPS). These technologies that are a huge part of our daily lives usually operate by having sensors and actuators constantly communicating through an industrial network. To secure these industrial networks from cyber attacks, researchers have utilised misuse detection and Anomaly Detection (AD) techniques to detect potential attacks. Misuse detection methods are unable to detect zero-day attacks while AD methods can, but with high false positive rates and high computational overheads. In this paper, we present STADe, a novel Sliding Time-window Anomaly Detection method that uses a sole feature of network packet inter-arrival times to detect anomalous network communications. This work aims to explore a mechanism for detecting breaks in periodicity to flag anomalies. The method was validated using data from a real oil and gas wellhead monitoring testbed containing field flooding, SYN flooding, and Man-in-the-Middle (MITM) attacks — which are attacks that are popularly used to target the availability and integrity of oil and gas critical infrastructure. The results from STADe proved to be effective in detecting these attacks with zero false positives and F1 scores of 0.97, 0.923, and 0.8 respectively. Further experiments carried out to compare STADe with other unsupervised machine learning algorithms – KNN, isolation forest, and Local Outlier Factor (LOF) – resulted in F1 scores of 0.55, 0.673, and 0.408 respectively. 
STADe outperformed them with an F1 score of 0.933 using the same dataset.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100762"},"PeriodicalIF":4.1,"publicationDate":"2025-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143882059","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Peijian Jin, Haohao Qu, Pengzhen Fan, Suling Ge
{"title":"Evaluating regional emergency response capabilities using entropy weight and matter-element extension theory","authors":"Peijian Jin , Haohao Qu , Pengzhen Fan , Suling Ge","doi":"10.1016/j.ijcip.2025.100763","DOIUrl":"10.1016/j.ijcip.2025.100763","url":null,"abstract":"<div><div>To accurately evaluate regional emergency response capacity, this paper establishes an indicator system based on measurable and quantifiable indicators, aligning with China's national laws, regulations, standards, and regional development data. The system comprises targets, guidelines, sub-criteria, and indicator levels. The target layer represents the evaluation focus, i.e., regional emergency response capacity. The guideline and sub-criteria layers include four guidelines and 12 sub-criteria, respectively. The indicator layer includes 28 quantifiable indicators, such as the rate of preparation of emergency plans, the frequency of emergency drills, the emergency response team, the number of financial allocations from the general public budget, and the percentage of social security and employment expenditures. The entropy weighting method is employed to determine index weights, while the material element topable theory quantitatively evaluates regional emergency response capacity. 
Subsequently, the model is utilized to assess the emergency response capacity of 31 provincial administrative regions in mainland China, confirming its validity.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100763"},"PeriodicalIF":4.1,"publicationDate":"2025-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143874438","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ana Maria Mager Pozo, Peter Priesmeier, Alexander Fekete
{"title":"Measuring spatial accessibility to critical infrastructure: The Access Road Identification model","authors":"Ana Maria Mager Pozo , Peter Priesmeier , Alexander Fekete","doi":"10.1016/j.ijcip.2025.100760","DOIUrl":"10.1016/j.ijcip.2025.100760","url":null,"abstract":"<div><div>Natural hazards such as earthquakes or floods can severely disrupt transportation networks and lead to cascading effects to other critical infrastructure (CI). A functioning road network is crucial to maintain spatial accessibility of CI such as hospitals or fire stations, especially during disaster scenarios. In the present study, we introduce a geographic information system (GIS)-based model that is able to identify and quantify the access roads to CI facilities through shortest path analysis, namely the Access Road Identification (ARI)-model. Including hazard maps into the model allows comparing CI accessibility in a baseline scenario with a hazard scenario. We exemplary apply the elaborated model to two case studies considering the accessibility of hospitals during floods in Hamburg, Germany and fire stations during an earthquake event in the Tehran-Karaj metropolitan region, Iran.</div><div>The results show significant differences between the two case studies: Floods have an overall low impact on the accessibility of hospitals in Hamburg, but single hospitals lose up to 40 % of their access roads during the flood. In Tehran-Karaj however the model indicates that about 38 % of the fire stations have access roads exposed to the earthquake hazard, while a fifth of them lose over 50 % of their access roads and four facilities are completely inaccessible.</div><div>These findings highlight the need for robust contingency planning by identifying and prioritizing CI facilities that are most at risk. 
The novelty of the ARI-model consists in its facility-centered approach to measure spatial accessibility of single CI services, thus unveiling valuable insights regarding the potential loss of direct access roads. The transferability of the model allows to adapt it to various use cases, where different hazards or CI facility types are considered. The model can serve relevant stakeholders as a decision-making tool for prioritizing resource allocation, planning evacuation measures and enhancing disaster preparedness based on CI accessibility, thus being applicable both to the preparation and response phase of disaster management. In the future, an extension of the ARI-model is planned by implementing dynamic hazard maps, data on traffic demand and additional weighting of the results.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100760"},"PeriodicalIF":4.1,"publicationDate":"2025-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143824271","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Raghuram Bhukya, Syed Abdul Moeed, Anusha Medavaka, Alaa O. Khadidos, Adil O. Khadidos, Shitharth Selvarajan
{"title":"SPARK and SAD: Leading-edge deep learning frameworks for robust and effective intrusion detection in SCADA systems","authors":"Raghuram Bhukya , Syed Abdul Moeed , Anusha Medavaka , Alaa O. Khadidos , Adil O. Khadidos , Shitharth Selvarajan","doi":"10.1016/j.ijcip.2025.100759","DOIUrl":"10.1016/j.ijcip.2025.100759","url":null,"abstract":"<div><div>Considering SCADA systems operate and manage critical infrastructure and industrial processes, the need for robust intrusion detection systems-IDSs cannot be overemphasized. The complexity of these systems, added to their increased exposure to more sophisticated cyber-attacks, creates significant challenges for continuous, secure operations. Traditional approaches to intrusion detection usually fail to cope, scale, or be as accurate as is necessary when dealing with the modern, multi-faceted problem of an attack vector against SCADA networks and IIoT environments. Past works have generally proposed the use of different machine learning and deep learning anomaly detection strategies to find possible intrusions. While these methods have, in fact, been promising, their effects are not without their own set of problems, including high false positives, poor generalization to new types of attacks, and performance inefficiencies in large-scale data environments. In this work, against this background, two novel IDS models are put forward: SPARK (Scalable Predictive Anomaly Response Kernel) and SAD (Scented Alpine Descent), to further improve the security landscape in SCADA systems. SPARK enables an ensemble-based deep learning framework combining strategic feature extraction with adaptive learning mechanisms for volume data processing at high accuracy and efficiency. This architecture has stringent anomaly detection through a multi-layered deep network adapting to ever-evolving contexts in operational environments, allowing for low latency and high precision in the detections. 
The SAD model works in concert with SPARK by adopting a synergistic approach that embeds deep learning into anomaly scoring algorithms, enabled to detect subtle attack patterns and further reduce false-positive rates.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100759"},"PeriodicalIF":4.1,"publicationDate":"2025-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143783593","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Assessing earthquake risks to lifeline infrastructure systems in the United States","authors":"N. Simon Kwong , Kishor S. Jaiswal","doi":"10.1016/j.ijcip.2025.100758","DOIUrl":"10.1016/j.ijcip.2025.100758","url":null,"abstract":"<div><div>The security and economic stability of the United States rely heavily on robust lifeline infrastructure systems and yet the risks to such systems are seldom quantified at the national scale. For example, while earthquake risks to buildings in the United States have been investigated at the national scale regularly, such risks to gas pipelines have rarely been investigated nationally. In this paper, we use examples from two critical infrastructure sectors to demonstrate (1) the nature of earthquake risks to lifeline infrastructure systems, (2) complexities involved in regional seismic risk assessments, and (3) how such risks change with time. We found that bridge risks can be underestimated by at least 64 % when viewed from repair costs instead of traffic demands and that regional risks can be underestimated by 19 % when spatial correlations of ground motion are ignored. Further, exceedance of traffic demand can be 50 times more likely to occur when viewed at the regional scale than when viewed at an individual bridge. Similarly, exceedance of repairs can be 180 times more likely to occur when viewed at the pipeline network level than at a segment-specific level. Finally, sensitivity analyses with the 2018 and 2023 USGS National Seismic Hazard Models indicate an increase in bridge risk of at least 24 % and an increase in exposed gas pipeline mileage of 43 %. 
The evolution of risks, complexities involved in assessments, and limited resources jointly underscore the need for more routine updates to nationwide seismic risk assessments of lifeline systems in the United States.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100758"},"PeriodicalIF":4.1,"publicationDate":"2025-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143738890","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Emanuele Bellini, Giuseppe D’Aniello, Francesco Flammini, Rosario Gaeta
{"title":"Situation Awareness for Cyber Resilience: A review","authors":"Emanuele Bellini , Giuseppe D’Aniello , Francesco Flammini , Rosario Gaeta","doi":"10.1016/j.ijcip.2025.100755","DOIUrl":"10.1016/j.ijcip.2025.100755","url":null,"abstract":"<div><div>Cyber resilience is increasingly crucial in critical infrastructure protection. Central to achieving cyber resilience is Situation Awareness (SA), the comprehension of the current state of cyber environments, and the ability to anticipate future developments. This paper reviews the intersection of cyber resilience and SA, highlighting the most important features of SA to address the resilience objectives in cyber–physical systems. The survey synthesizes recent research findings, highlights trends, and offers insights into its importance across various domains. By synthesizing diverse perspectives and recent developments in the field, this survey serves as a valuable resource for researchers, practitioners, and policymakers engaged in cyber resilience and SA operations, providing a foundation for further research and practical implementations in the field.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100755"},"PeriodicalIF":4.1,"publicationDate":"2025-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143563168","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Interdependencies and third parties","authors":"Roberto Setola","doi":"10.1016/S1874-5482(25)00011-3","DOIUrl":"10.1016/S1874-5482(25)00011-3","url":null,"abstract":"","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100750"},"PeriodicalIF":4.1,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143508441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Hamad Naeem, Farhan Ullah, Ondrej Krejcar, Deguang Li, Danish Vasan
{"title":"Optimizing vehicle security: A multiclassification framework using deep transfer learning and metaheuristic-based genetic algorithm optimization","authors":"Hamad Naeem , Farhan Ullah , Ondrej Krejcar , Deguang Li , Danish Vasan","doi":"10.1016/j.ijcip.2025.100745","DOIUrl":"10.1016/j.ijcip.2025.100745","url":null,"abstract":"<div><div>An extension of the Internet of Things (IoT) paradigm, the Internet of Vehicles (IoV) makes it easier for smart cars to connect to the Internet and communicate with one another. Consumer interest in IoV technology has grown significantly as a result of the increased capabilities of smart vehicles. However, the rapid growth of IoV raises serious privacy and security issues that can lead to dangerous accidents. To detect intrusions into IoT networks, several academics have developed deep learning-based algorithms. Detecting malicious assaults inside vehicle networks and lowering the frequency of smart vehicle accidents are the goals of these models. The proposed approach makes use of an advanced three-layer design that combines ensemble approaches, Genetic Algorithms (GA), and Convolutional Neural Networks (CNNs). Three essential steps are used to execute this methodology: In order to perform CNN-based analysis, we first convert high-level IoV data into image format. The hyperparameters of each base learning model are then optimized via GA, which improves the performance and adaptability of the models. Lastly, we combine the outputs of the three CNN models using ensemble approaches, which greatly improves the intrusion detection system’s (IDS) long-term robustness. Two data sets were used for the evaluations: the CICEVSE dataset, which contains 22,086 samples from 12 distinct intrusion categories, and the publicly accessible Car Hacking dataset, which contains 29,228 samples from five different intrusion categories. 
According to the experimental findings, the proposed strategy obtained an optimal score of 100% on the Car Hacking images and 93% on the CICEVSE images, demonstrating excellent accuracy. The findings have substantial implications for the development of safe, effective, and flexible intrusion detection systems in the complicated environment of the Internet of Vehicles.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100745"},"PeriodicalIF":4.1,"publicationDate":"2025-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143534114","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Advances in UAV detection: integrating multi-sensor systems and AI for enhanced accuracy and efficiency","authors":"Vladislav Semenyuk , Ildar Kurmashev , Alberto Lupidi , Dmitriy Alyoshin , Liliya Kurmasheva , Alessandro Cantelli-Forti","doi":"10.1016/j.ijcip.2025.100744","DOIUrl":"10.1016/j.ijcip.2025.100744","url":null,"abstract":"<div><div>This review critically examines the progress in unmanned aerial vehicle (UAV) detection and classification technologies from 2020 to the present. It highlights a range of detection methods, including radar, radio frequency (RF), optical, and acoustic sensors, with particular emphasis on the integration of these technologies through advanced sensor fusion techniques. The paper explores the core technologies driving improvements in detection accuracy, range, and reliability, with a special focus on the transformative role of artificial intelligence and machine learning. These innovations have significantly enhanced system performance, enabling more precise and efficient UAV detection. The review concludes with insights into emerging trends and future developments that promise to further refine UAV detection technologies, ensuring greater security and operational reliability.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100744"},"PeriodicalIF":4.1,"publicationDate":"2025-02-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143419605","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}