Resilience Approach to Critical Information Infrastructures

  • Eric LuiijfEmail author
  • Marieke Klaver
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


This chapter discusses new societal risk due to the fast information and communication as well as operational technology changes which are not yet fully taken into account by governmental policymakers and regulators. Internet-of-things, cloud computing, mass consumer markets and embedded operational technologies are some of the areas outlined in this chapter which may be the cause for serious disruptions of critical infrastructures, critical information infrastructures, essential services, and the undisturbed functioning of the society. Current national protection approaches mainly focus on the classical telecommunication sector and the stove-piped critical sectors such as energy, health, transport, etcetera. This chapter argues that a change of mind and actions are needed to properly govern the new cyber risk before serious incidents occur and that such a new approach is urgently needed to make the societies at large more resilient.


Policy and management Policy analysis Critical information infrastructure Critical infrastructure protection Operational technology Internet of Things Essential services 



This chapter is a follow-up on earlier work by the authors in the domain of legal risk regulation which was published in [12].


  1. 1.
    Bevir M (2012) Governance: a very short introduction. Oxford University Press, OxfordCrossRefGoogle Scholar
  2. 2.
    Boemer JC et al (2011) Overview of German grid issues and retrofit of photovoltaic power plants in Germany for the prevention of frequency stability problems in abnormal system conditions of the ENTSO-E region continental Europe. In: 1st international workshop on integration of solar power into power systems, p 6Google Scholar
  3. 3.
    Boyes H, Isbell R (2017) Code of practice cyber security for ships. London, United KingdomGoogle Scholar
  4. 4.
    CIPedia(c) (n.d.). Available at: Accessed 18 June 2018
  5. 5.
    CISCO (n.d.) Internet of Things (IoT). Available at: Accessed 16 June 2018
  6. 6.
    DHS (2017) Critical infrastructure sectors. Available at:
  7. 7.
    ENISA (2017) Considerations on ICT security certification in EU Survey Report. Heraklion, Greece
  8. 8.
    European Commission (2016) Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Brussels, Belgium. Available at:
  9. 9.
    European Commission (2017) Proposal for a Regulation of the European Parliament and of the Council establishing a framework for screening of foreign direct investments into the European Union. Brussels, Belgium. Available at:
  10. 10.
    Fisher D (2017) BrickerBot, Mirai and the IoT Malware Knife Fight. Digital Guardian blog. 26 April. Available at:
  11. 11.
    Justicenews (2015) Facebook outage sparks calls to 911. Justice Bews Flash. 27 January. Available at:
  12. 12.
    Luiijf E, Klaver M (2015) Governing critical ICT: elements that require attention. Eur J Risk Regul 6(2):263–270. CrossRefGoogle Scholar
  13. 13.
    Luiijf E, Van Schie T, Van Ruijven T (2017) Companion document to the GFCE-MERIDIAN good practice guide on critical information infrastructure protection for governmental policy-makers. The Hague, Netherlands. Available at:
  14. 14.
    Ministry of Security and Justice (2011) Dossier DigiNotar webpage, Dossier DigiNotar. Available at:
  15. 15.
    Olenick D (2018) Researchers uncover BranchScope, a new Intel processor vulnerability. SC Magazine, 27 March. Available at:
  16. 16.
    StasV&W (2001) Nota Kwetsbaarheid op internet (KWINT). The Hague, The Netherlands: Tweede Kamer der Staten Generaal. Available at:
  17. 17.
    The Council of the European Union (2008) Council Directive 2008/114/EC of 8 December 2008 on the indentification and designation of European critical infrastructures and the assessment of the need to improve their protection. Off J Eur Union 75–82Google Scholar
  18. 18.
    TNO (2017) Truck platooning technology ready for the public roads. The Hague, The Netherlands. Available at: Accessed 18 June 2018
  19. 19.
    Touton L (2002) IANA handling of root-zone changes. Available at:
  20. 20.
    Vanhoef M, Piessens F (2017) Key reinstallation attacks: forcing nonce reuse in WPA2. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS 2017). ACM, pp. 1313–1328. Available at:
  21. 21.
    Wagenseil P (2014) Heartbleed: who was affected, what to do now. Tom’s Guident, April. Available at:,news-18588.html.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Luiijf ConsultancyZoetermeerThe Netherlands
  2. 2.Netherlands Organisation for Applied Scientific Research TNOThe HagueThe Netherlands

Personalised recommendations