Although largely invisible to us, our lives are dependent on critical infrastructure (CI). CI is made up of roads, rail, pipelines, power lines, together with buildings, technology, and people. Some of this infrastructure is modern, but much of it is ageing and interconnected in so many ways that we fail to realise our dependency on CI or its dependencies until its loss disrupts our day-to-day lives.
This dependency has not been lost on governments, which now invest significant sums on securing this infrastructure from cybersecurity threats. Unfortunately, in most cases, this investment entails bolting security mechanisms onto existing infrastructure. Such investment decisions are made by people with little knowledge of the infrastructure they are securing and, has such, little visibility of the impact that poorly designed security might have on the day-to-day delivery of these critical services. Moreover, because technology innovation does not evolve at the same pace in different cultures, and security which mitigate the risks faced by critical infrastructure in one country may not be as effective in another. The reason for these differences are myriad, and range from differences in working practices to expectations about the scale of infrastructure being secured. There is, therefore, a need to evaluate security solutions against specification exemplars based on these nuanced, representative environments. However, to develop exemplars of such environments requires data collection and knowledge sharing about nuances associated with particular forms of critical infrastructure for different cultures.
The Bournemouth-Athens Network in Critical Infrastructure Security (BANCIS) project will examine and model the nuances associated with two forms of critical infrastructure in different national cultures. It will do so by building a network between Cybersecurity researchers at BU, and the Information Security & Critical Infrastructure Protection Laboratory at Athens University of Economics & Business (AUB). These nuances will be modelled as specification exemplars of UK and Greek water and rail companies. By developing these exemplars, researchers and practitioners will be able to conduct a cost-effective evaluation of new ideas based on realistic CI environments. The exemplars will also help students appreciate the challenges associated with designing security for complex, real-world systems. The exemplars will be modelled using the CAIRIS security design tool; this is an open-source software product maintained by researchers at BU. The data necessary to build these exemplars will be collected over a series of visits by AUB researchers to BU, and BU researcher to AUB.
Please contact Shamal Faily if you’re interested in finding out more about BANCIS, or getting involved in the project.