Anglia Ruskin Research Online (ARRO)
Browse

Modelling language for cyber security incident handling for critical infrastructures

Download (3.89 MB)
journal contribution
posted on 2023-07-26, 16:09 authored by Haralambos Mouratidis, Shareeful Islam, Antonio Santos-Olmo, Luis E Sanchez, Umar Mukhtar Ismail
Cyber security incident handling is a consistent methodology with which to ensure overall business continuity. However, specifically handling incidents for critical information infrastructures is challenging owing to the inherent complexity and evolving nature of the threat. Despite the number of contributions made to cyber incident handling, there is little evidence of literature that focuses on modelling activities that will enhance developers’ abilities to model incident handling processes and activities according to different views. Modelling languages of this nature should integrate essential concepts and a descriptive implementation process in order to enable developers to analyse, represent and reason about the crucial incident handling efforts required to support critical information infrastructures. The aim of this paper is, as part of the CyberSANE EU project, to develop a Cyber Incident Handling Modelling Language (CIHML) that focuses explicitly on modelling incident handling in the context of a critical information infrastructure. The work is innovative in its approach because it consolidates concepts from various domains such as security requirements, forensics, threat intelligence, critical infrastructures and cyber incident handling. The approach will allow the phases of the incident handling lifecycle to be modelled from three different views (critical information infrastructures, threat and risk analysis, and incident response). An implementation process is also proposed, which will serve as a comprehensive guide for developers in order to create these modelling views. Finally, CIHML is evaluated using a real-life scenario from the CyberSANE project to demonstrate its applicability. The incident observed had a severe impact on the overall business continuity of the context studied. The results obtained from the study show that CIHML can help critical information infrastructure operators to identify, evaluate, represent and model cyber incidents in critical information systems, in addition to providing the support required to determine the response strategies needed in order to mitigate these cyber-attacks.

History

Refereed

  • Yes

Volume

128

Publication title

Computers & Security

ISSN

1872-6208

Publisher

Elsevier BV

File version

  • Published version

Language

  • eng

Legacy posted date

2023-03-02

Legacy creation date

2023-03-02

Legacy Faculty/School/Department

Faculty of Science & Engineering

Usage metrics

    ARU Outputs

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC