Norsk Regnesentral, Norway
Zanasi & Partners, Italy
Institute for Corporate Security Studies, Slovenia
"Cybersecurity investments and good practices for cyber risk management in critical infrastructure" The presentation will cover ENISA's activities and recent publications in various critical sectors (e.g. Health, Maritime, Rail etc.), as well as the key findings of ENISA’s NIS investment report which takes stock of how operators in critical sectors invest their cybersecurity budgets and how these budgets have been influenced by the NIS Directive.
Modern Critical Infrastructures (CI) are becoming increasingly complex, turning into distributed, large-scale cyber-physical systems or becoming more and more interconnected and interdependent to other CIs. Cyber-physical attacks are increasing in number, scope, and sophistication, making it difficult to be prepared for them and predict their total impact. Thus, addressing cyber security and physical security separately is no longer effective, but more integrated approaches that consider both physical and cyber-security risks, along with their interrelationships, interactions, and cascading effects, are needed to face the challenge of combined cyber-physical or even hybrid attacks.
This workshop will present the different approaches on integrated cyber and physical security in different industrial sectors, such as energy, transport, drinking and waste water, health, digital infrastructure, banking and financial market, space and public administration . The peculiarities of critical infrastructure protection in each one of these sectors will be discussed and addressed by the different projects of the ECSCI cluster that will present their outcomes, discussing the technical, ethical and societal aspects and the underlying technologies.
Specifically, novel techniques will be presented for integrated security modelling, IoT security, artificial intelligence for securing critical infrastructures, distributed ledger technologies for security information sharing and increased automation for detection, prevention and mitigation measures.
The workshop will include keynote speeches, 23 projects presentations, roundtable and panel discussions, and thematic presentations. It is intended for scientists and experts in the field of critical infrastructure protection, CISOs, CIOs, CERTs, CSIRTs, CSOs, cyber and physical security experts representing different sector and policy makers for critical infrastructure protection.
The workshop will foresee several presentations addressing the following issues:
• Mitigation of combined physical and cyber threats
• New regulatory challenges
• Ethical and legal aspects of security
• Combating Hybrid Threats to Critical Infrastructures
• Cyber and Physical Detection
• Cyber-Physical Security integration and modelling
• Increased automation for detection, prevention and mitigation measures
• Dynamic Safety and Security Risk Assessment
• Information and knowledge sharing environment and respective rules
• Standards, certifications and Regulations on the Protection of Critical Infrastructures
• Common Platform for Cascading Effects on the Different Critical Infrastructures
• Combined Safety and Security for European Critical Infrastructures
• Cyber Security Awareness
Check the agenda of Workshop!