Critical Infrastructure Information Security Model

Abstract

Malfunction of critical infrastructures have a serious impact on health, safety, security and economic wellbeing of citizens and have therefore to be supremely protected. Today’s cyber threats gain in importance especially for critical infrastructure as they have enormous potential for damage. Critical infrastructures are the backbone of our nation's economy, security and health. Different instruments are available to address various information security topics. Some regulations exist for parts of critical infrastructure sectors. But there is currently no unique security level of critical infrastructure enterprises. Goal of this study is to develop a model for critical infrastructures to prevent and mitigate current cyber risks. Gaps in information security for critical infrastructures were disclosed between available instruments and the needs of critical infrastructure providers. Primary source is based on case study research. Critical infrastructure experts were interviewed to get information about current situations in critical infrastructure enterprises. Books, documentation and journals in the field of information security or critical infrastructure protection are investigated as secondary resources. These sources were used to build a model by prototyping approach, which then was validated by critical infrastructure experts. Analysis of the case study discloses gaps in the area of awareness, cyber risk management, education, funding, regulation and technology. The developed “Critical Infrastructure Information Security Model” describes these areas and shows an improved information security model with focus on cyber risks of critical infrastructures.