SA-EF Cube: An Evaluation Framework for Assessing Intelligent Context-Aware Critical Information Infrastructure Protection Solutions

  • Jan Hendrik van Niekerk
  • Elizabeth Marie Ehlers
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 973)

Abstract

Advances in technologies such as cloud computing and Bring Your Own Technology (BYOT) environments have dramatically changed the way in which organisations do business. Critical Information Infrastructure (CII) is at the core of this revolution, yet it has become an almost impossible task to protect CII effectively against all possible threats. Multi Agent Systems (MASs) and have addressed Critical Information Infrastructure Protection (CIIP) in unique ways, yet these approaches often lack a sufficient contextualisation of the environment and its dynamism. Without a sufficient contextualisation of an environment and the dynamism that is associated with it, an automated CIIP mechanism will never be truly effective. To address this contextualisation problem that autonomous CIIP mechanisms face, the SA-EF Cube model is proposed. The model can be used as a “checklist” to assess whether an autonomous CIIP solution covers the fundamental requirements to contextualise the problem domain of CIIP. The SA-EF Cube model is by no means exhaustive in nature, but serves as a solid foundation for an implementation checklist before any CIIP mechanism is contextualised and developed.

Keywords

Self-awareness; Ambient intelligence; Critical Information Infrastructure Protection; Multi Agent Systems; Evaluation framework; Artificial Immune Systems

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Jan Hendrik van Niekerk (1)
  • Elizabeth Marie Ehlers (1)
  1. Academy of Computer Science and Software Engineering, University of Johannesburg, Johannesburg, South Africa