Improving Critical Infrastructure Protection and Resilience against Terrorism Cyber Threats

摘要

Nowadays business continuity and disaster management procedures and policies are increasingly based on the notion of resilience. This relatively young topic is gaining increasing importance now that more recent experiences have shown that not all the attacks or accidents to critical information infrastructures (Clls) can be avoided even if protection measures are correctly implemented. Such a circumstance implies that the response to 'protection' needs, which has mainly shown the use of technology as a possible solution to all of the issues, is not sufficient in covering the entire lifecycle of modern information infrastructures which requires instead the implementation of redundancy measures together with specific procedures that are designed and implemented in view to facilitate a faster recovery of an asset that has suffered an unavoidable accident. The aforementioned scenario is somehow confirmed by the reorientation of the EU policies in the field and, more specifically, by the 2014-2020 European Programme for Critical Infrastructure Protection (EPCIP) which now mainly rotates around key resilience concepts like prevention, preparedness and response. This paper, after a short description of the most significant vectors of attacks directed towards Clls, offers a review of the main principles of resilience and a basic scheme that should guide those stakeholders that are in the phase of studying how to effectively implement those measures in the management lifecycle of technology driven infrastructures.