Methodologies and Strategies for Critical Infrastructure Protection

  • Nikolaos Petrakos
  • Panayiotis KotzanikolaouEmail author
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


The protection of critical infrastructures at a national level is not a trivial task. In involves various steps such as the indentation, the prioritization and the protection of those infrastructures and services that are vital for the wellbeing of the society. Although some sectors, subsectors and services seem to be very important for all countries, others may differ in their significance based on the specific economic, environmental and social characteristics of each country. In this chapter we review existing methodologies and national strategies for critical infrastructure protection. We examine methodologies for identifying and assessing critical sectors and services, relying on top-down and bottom-up administrative approaches. We examine common practices that have been applied in various countries to identify critical infrastructures and to establish national protection plans. Finally, we describe a set of goals that are commonly found in different methodologies and best practices for critical infrastructure protection.


Critical Infrastructure (CI) CI identification CI assessment criteria CI protection strategies 


  1. 1.
    Austin Smith (2017) Presidential Policy Directive 21:Implementation: an interagency security committee white paper. Interagency Security CommitteeGoogle Scholar
  2. 2.
    BKK Annual Report (2015) 10–13. Germany: federal office of civil protection and disaster assistance (BKK)Google Scholar
  3. 3.
    Chris Boyer – AT&T (2017) Critical infrastructure partnership overview. AVP – global public policy. Retrieved from
  4. 4.
    Council Directive 2008/114/EC (2008). Official J Eur Union 51: 75Google Scholar
  5. 5.
    Critical Infrastructure Security and Resilience – PPD-21 (2013) Washington DC. Retrieved from
  6. 6.
    EU Commission (2012) Review of the European Programme for Critical Infrastructure Protection (EPCIP)Google Scholar
  7. 7.
    EU Cybersecurity Dashboard: A Path to a Secure European Cyberspace (2015) BSA – the software alliance. Retrieved from
  8. 8.
    European Commission (2007) European programme for critical infrastructure protection. Off JGoogle Scholar
  9. 9.
    European Commission (2005) Green paper on a European programme for critical infrastructure protection, Brussels, COM, pp 576. Retrieved from
  10. 10.
    French National Digital Security Strategy (2015) Secrétariat général de la défense et de la sécurité nationale (SGDSN). Retrieved from
  11. 11.
    Gritzalis D, Stergiopoulos G, Kotzanikolaou P, Magos E, Lykou G (2016) Critical infrastructure protection: a holistic methodology for Greece. Conference on security of industrial control and cyber physical systems (CyberICPS). Springer, 19–34Google Scholar
  12. 12.
    Klaver M (2011) Good practices manual for CIP policies, for policy makers in Europe. Brussels: RECIPE. Retrieved from
  13. 13.
    Kotzanikolaou P, Theoharidou M, Gritzalis D (2013) Assessing n-order dependencies between critical infrastructures. Int J Crit Infrastruct 9(1–2):93–110CrossRefGoogle Scholar
  14. 14.
    Luiijf E, Burger H, Klaver M, Marieke H (2003) Critical infrastructure protection in the Netherlands: a Quick-scan. EICAR Denmark, CopenhagenGoogle Scholar
  15. 15.
    National Security Strategy and Strategic Defence and Security Review (2015) UK Government. Retrieved from
  16. 16.
    National Strategy for CIP (2009) Federal Republic of GermanyGoogle Scholar
  17. 17.
    Novotný P, Rostek P (2014) Perspective of cross-cutting criteria as a major instrument to determination of critical infrastructure in the Czech Republic. (Vol. 2). Research papers faculty of materials science and technology Slovak University of technologyGoogle Scholar
  18. 18.
    Public Private Partnerships (PPP) – Cooperative models (2017) ENISA. Retrieved from ENISA:
  19. 19.
    Rossella M, Cédric L-B (2014) Methodologies for the identification of critical information infrastructure assets and services. Guidelines for charting electronic data communication networks, European union agency for network and information security. ENISA, HeraklionGoogle Scholar
  20. 20.
    Rossella M, Cédric L-B (2015) Methodologies for the identification of critical information infrastructure assets and services. ENISA. Brussels: European Union Agency for Network and Information Security (ENISA)Google Scholar
  21. 21.
    Strategic Framework and Policy Statement on Improving the Resilience of Critical Infrastructure to Disruption from Natural Hazards (2010) London: UK Cabinet Office. Retrieved from
  22. 22.
    The Critical Infrastructure Protection in France. (2017). Paris: Secrétariat général de la défense et de la sécurité nationale (SGDSN). Retrieved from Secrétariat général de la défense et de la sécurité nationale:
  23. 23.
    The French White Paper on defence and national security (2013) Paris: permanent representation of France to NATOGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of InformaticsUniversity of PiraeusPiraeusGreece

Personalised recommendations