Cyber Security: From Regulations and Policies to Practice

  • Leandros Maglaras
  • Mohamed Amine Ferrag
  • Abdelouahid Derhab
  • Mithun Mukherjee
  • Helge Janicke
Conference paper
Part of the Springer Proceedings in Business and Economics book series (SPBE)


The major target of cyber attacks is a country’s Critical National Infrastructure (CNI) such as ports, hospitals, water, gas or electricity producers, which use and rely upon Supervisory Control and Data Acquisitions (SCADA) and Industrial Control Systems (ICS) to manage their production. Protection of CNIs becomes an essential issue to be considered. Generally, available protective measures are classified according to legal, technical, organizational, capacity building, and cooperation aspects. In this article, we discuss regulations and policies that may be used to tackle cyber attacks to CNIs along with practical measures that need to be taken in order for these regulations to be effective. Attribution of cyber attacks, especially when these originate from another nation, is questionable regarding which country or law enforcement agency has the authority to investigate and prosecute the penetrators.


Cyber security Critical information assets 


  1. 1.
    Cook A, Smith R, Maglaras L, Janicke H (2016) Measuring the risk of cyber attack in industrial control systems. BCS eWiCGoogle Scholar
  2. 2.
    Maglaras L, Kim KH, Helge Janicke H, Ferrag MA, Rallis S, Fragkou P, Maglaras PMA, Cruz JT (2018) Cyber security of critical infrastructures. ICT Express 4(1):42–45CrossRefGoogle Scholar
  3. 3.
    Knapp ED, Langill JT (2014) Industrial network security: securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems. Syngress, AmsterdamGoogle Scholar
  4. 4.
    Ralston P, Graham JH, Hieb J (2007) Cyber security risk assessment for scada and dcs networks. ISA Trans 46(4):583–594CrossRefGoogle Scholar
  5. 5.
    Maglaras L, Jiang J (2014) Intrusion detection in scada systems using machine learning techniques. In: Science and Information Conference (SAI). IEEE, pp 626–631Google Scholar
  6. 6.
    Ten C-W, Manimaran G, Liu C-C (2010) Cybersecurity for critical infrastructures: attack and defense modeling. IEEE Trans Syst Man Cybern Syst Hum 40(4):853–865CrossRefGoogle Scholar
  7. 7.
    Ericsson GN (2010) Cyber security and power system communication essential parts of a smart grid infrastructure. IEEE Trans Power Delivery 25:1501–1507CrossRefGoogle Scholar
  8. 8.
    Ferrag MA, Maglaras LA, Janicke H, Jiang J, Shu L (2018) A systematic review of data protection and privacy preservation schemes for smart grid communications. Sustain Cities Soc 38:806–835CrossRefGoogle Scholar
  9. 9.
    Zonouz SA, Rogers KM, Berthier R, Bobba R, Sanders W, Overbye T (2012) Scpse: security-oriented cyber-physical state estimation for power grid critical infrastructures. IEEE Trans Smart Grid 3:1790–1799CrossRefGoogle Scholar
  10. 10.
    Fujita H, Gaeta A, Loia V, Orciuoli F (2018) Resilience analysis of critical infrastructures: a cognitive approach based on granular computing. IEEE Trans Cybern:1–14. Scholar
  11. 11.
    Brahima S (2017) Global cybersecurity index 2017. International Telecommunication Union (ITU), pp 1–77Google Scholar
  12. 12.
    Pena-Lopez I et al (2015) Global cybersecurity index & cyberwellness profilesGoogle Scholar
  13. 13.
    Maglaras L, Drivas G, Noou N, Rallis S (2018) Nis directive: the case of Greece. EAI Endorsed Trans Secur Saf 18:5Google Scholar
  14. 14.
    Kuznetsov V, Sandstrom H, Simkin A (2002) An evaluation of different ip traceback approaches. In: International conference on information and communications security. Springer, New York, pp 37–48CrossRefGoogle Scholar
  15. 15.
    Song XD, Perrig A (2001) Advanced and authenticated marking schemes for ip traceback. In: Proceeding of the IEEE INFOCOM Twentieth Annual Joint Conference of the IEEE Computer and Communications Societies, vol 2, pp 878–886Google Scholar
  16. 16.
    Bellovin SM, Leech M, Tom Taylor T (2003) Icmp traceback messagesGoogle Scholar
  17. 17.
    Simoes P, Cruz T, Gomes J, Monteiro E (2013) On the use of honeypots for detecting cyber attacks on industrial control networks. In: Proceedings of the 12th European Conference on the Information Warfare and Security. ECIWGoogle Scholar
  18. 18.
    Lin H, Dunlap S, Rice M, Mullins B (2017) Generating honeypot traffic for industrial control systems. In: Rice M, Shenoi S (eds) International conference on critical infrastructure protection. Springer, New York, pp 193–223Google Scholar
  19. 19.
    Ahmed I, Obermeier S, Naedele M, Richard GG III (2012) SCADA systems: challenges for forensic investigators. Computer 45(12):44–51. Scholar
  20. 20.
    Mahmood AN, Leckie C, Hu J, Tari Z, Atiquzzaman M (2010) Network traffic analysis and scada security. In Handbook of information and communication security. Springer, New York, pp 383–405CrossRefGoogle Scholar
  21. 21.
    Shukla J (2008) Application sandbox to detect, remove, and prevent malware, 17 January 2008. US Patent Application 11/769,297Google Scholar
  22. 22.
    Bayer U, Moser A, Kruegel C, Kirda E (2006) Dynamic analysis of malicious code. J Comput Virol 2:67–77CrossRefGoogle Scholar
  23. 23.
    Nicholson AM, Watson T, Norris P, Du A, Isbell R (2012) A taxonomy of technical attribution techniques for cyber attacks. In: European Conference on Information Warfare and Security, p 188Google Scholar
  24. 24.
    Cook A, Nicholson A, Janicke H, Maglaras LA, Smith R (2016) Attribution of cyber attacks on industrial control systems. EAI Trans Ind Netw Intell Syst 3(7):e3, 1–15. Scholar
  25. 25.
    Schmitt MN (2013) Tallinn manual on the international law applicable to cyber warfare. Cambridge University Press, CambridgeCrossRefGoogle Scholar
  26. 26.
    Robinson M, Jones K, Janicke H, Maglaras L (2018) An introduction to cyber peacekeeping. J Netw Comput Appl 114:70–87CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Leandros Maglaras
    • 1
  • Mohamed Amine Ferrag
    • 2
    • 3
  • Abdelouahid Derhab
    • 4
  • Mithun Mukherjee
    • 5
  • Helge Janicke
    • 1
  1. 1.De Montfort UniversityLeicesterUK
  2. 2.LabSTIC LaboratoryGuelma UniversityGuelmaAlgeria
  3. 3.LRS LaboratoryBadji Mokhtar-Annaba UniversityAnnabaAlgeria
  4. 4.Center of Excellence in Information Assurance (CoEIA)King Saud UniversityRiyadhSaudi Arabia
  5. 5.Guangdong University of Petrochemical TechnologyMaomingChina

Personalised recommendations